CVE-2026-31960

{"id": "CVE-2026-31960", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2026-03-11T20:16:16.940", "references": [{"url": "https://github.com/anchore/quill/security/advisories/GHSA-g32c-4pvp-769g", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS certificate validation; however, environments with TLS-intercepting proxies (common in corporate networks), compromised certificate authorities, or other trust boundary violations are at risk. When processing HTTP responses during notarization, Quill reads the entire response body into memory without any size limit. An attacker who can control or modify the response content can return an arbitrarily large payload, causing the Quill client to run out of memory and crash. The impact is limited to availability; there is no effect on confidentiality or integrity. Both the Quill CLI and library are affected when used to perform notarization operations. This vulnerability is fixed in 0.7.1."}, {"lang": "es", "value": "Quill proporciona firma binaria de mac simple y notarizaci\u00f3n desde cualquier plataforma. Quill antes de la versi\u00f3n v0.7.1 tiene lecturas ilimitadas de cuerpos de respuesta HTTP durante el proceso de notarizaci\u00f3n de Apple. La explotaci\u00f3n requiere la capacidad de modificar respuestas de API del servicio de notarizaci\u00f3n de Apple, lo cual no es posible bajo condiciones de red est\u00e1ndar debido a HTTPS con validaci\u00f3n adecuada de certificados TLS; sin embargo, entornos con proxies de intercepci\u00f3n TLS (comunes en redes corporativas), autoridades de certificaci\u00f3n comprometidas, u otras violaciones de l\u00edmites de confianza est\u00e1n en riesgo. Al procesar respuestas HTTP durante la notarizaci\u00f3n, Quill lee el cuerpo completo de la respuesta en la memoria sin ning\u00fan l\u00edmite de tama\u00f1o. Un atacante que puede controlar o modificar el contenido de la respuesta puede devolver una carga \u00fatil arbitrariamente grande, haciendo que el cliente de Quill se quede sin memoria y falle. El impacto se limita a la disponibilidad; no hay efecto en la confidencialidad o integridad. Tanto la CLI de Quill como la biblioteca se ven afectadas cuando se utilizan para realizar operaciones de notarizaci\u00f3n. Esta vulnerabilidad se corrige en 0.7.1."}], "lastModified": "2026-03-16T19:19:38.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:anchore:quill:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E31EEF-FC47-43F9-8797-60E94FB1C0E5", "versionEndExcluding": "0.7.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}