{"id":20957948,"url":"https://github.com/jonpalmisc/cve-2021-40531","last_synced_at":"2025-07-13T05:35:52.572Z","repository":{"id":124277927,"uuid":"429884385","full_name":"jonpalmisc/CVE-2021-40531","owner":"jonpalmisc","description":"Quarantine bypass and RCE vulnerability in Sketch (proof-of-concept)","archived":false,"fork":false,"pushed_at":"2021-11-22T14:52:04.000Z","size":2,"stargazers_count":12,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-05-07T01:49:42.639Z","etag":null,"topics":["cve","macos","sketch"],"latest_commit_sha":null,"homepage":"https://jonpalmisc.com/2021/11/22/cve-2021-40531","language":"HTML","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jonpalmisc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-19T17:38:34.000Z","updated_at":"2023-03-12T19:22:43.000Z","dependencies_parsed_at":null,"dependency_job_id":"5205b008-b01d-490b-85cd-183fbced2140","html_url":"https://github.com/jonpalmisc/CVE-2021-40531","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonpalmisc%2FCVE-2021-40531","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonpalmisc%2FCVE-2021-40531/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonpalmisc%2FCVE-2021-40531/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonpalmisc%2FCVE-2021-40531/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jonpalmisc","download_url":"https://codeload.github.com/jonpalmisc/CVE-2021-40531/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254084643,"owners_count":22011915,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","macos","sketch"],"created_at":"2024-11-19T01:44:46.584Z","updated_at":"2025-05-14T06:31:43.372Z","avatar_url":"https://github.com/jonpalmisc.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2021-40531\n\n![Exploit Demo](https://jonpalmisc.com/assets/img/cve-2021-40531/demo.gif)\n\n\u003e This proof-of-concept in action.\n\n[Sketch](https://www.sketch.com) is a popular UI/UX design app for macOS. This\npost covers a vulnerability in Sketch that I discovered back in July,\nCVE-2021-40531. In its simplest form, it is a macOS quarantine bypass, but in\ncontext it can be used for remote code execution.\n\nFor more details, see my [blog post](https://jonpalmisc.com/2021/11/22/cve-2021-40531)\nfor a complete writeup.\n\n## Notes\n\nIf you are testing this proof-of-concept locally, be aware that `feed.rss`\nexpects your web server to be running on port 8080.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonpalmisc%2Fcve-2021-40531","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjonpalmisc%2Fcve-2021-40531","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonpalmisc%2Fcve-2021-40531/lists"}