Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges.
2020-02-25T21:15:10.907
2024-11-21T04:43:02.050
Modified
CVSSv3.1: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | druva | insync | 6.5.0 | Yes |
Operating System | apple | macos | - | No |