Main Vulnerability Database SB2019060102

SB2019060102 - Path traversal in Evernote

Published: June 1, 2019 Updated: August 8, 2020

Security Bulletin ID SB2019060102

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2019-10038)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.

Remediation

Install update from vendor's website.

References

https://drive.google.com/file/d/1cmWixK1vAh7oZ2y3Y3ZtVeSoTRp8c1Ts/view?usp=sharing
https://evernote.com/security/updates
https://www.inputzero.io/2019/04/evernote-cve-2019-10038.html