PT-2019-11390 · Evernote · Evernote
Dhiraj
·
Published
2019-04-18
·
Updated
2020-05-11
·
CVE-2019-10038
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Evernote version 7.9
Description:
The issue allows attackers to execute arbitrary programs by embedding a reference to a local executable file, such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.
Recommendations:
For Evernote version 7.9, consider disabling the execution of local files as a temporary workaround until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Evernote