CVE-2024-38368

Name of the Vulnerable Software and Affected Versions: CocoaPods (affected versions not specified)

Description: The issue is related to the CocoaPods dependency manager, specifically affecting older pods that migrated from the pre-2014 pull request workflow to trunk. If a pod had never been claimed, it was still possible to do so, and it was also possible to remove all owners from a pod, making it available for claiming. This vulnerability could allow an attacker to gain unauthorized access to protected information about some pods, modify their content, or replace it with arbitrary code. The estimated number of potentially affected devices is not explicitly stated, but it is mentioned that thousands of iOS and macOS apps could be impacted.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.