CVE-2024-11681 – Remote Code Execution in MacPorts

https://notcve.org/view.php?id=CVE-2024-11681

07 Jan 2025 — A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror. A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror. • https://github.com/google/security-research/security/advisories/GHSA-2j38-pjh8-wfxw • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •