{"id":"CVE-2022-25366","details":"Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable.","modified":"2026-04-12T04:42:08.687178Z","published":"2022-02-19T03:15:14.867Z","references":[{"type":"WEB","url":"https://medium.com/%40tehwinsam/cryptomator-1-6-5-dylib-injection-8004a1e90b26"},{"type":"ADVISORY","url":"https://cryptomator.org/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cryptomator/cryptomator","events":[{"introduced":"0"},{"last_affected":"a05dcd2f14f8b86430b1a8b995f7de8493418261"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.6.5"}],"cpe":"cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:*"}}],"versions":["0.10.0","0.11.0","0.3.0","0.4.0","0.5.0","0.5.1","0.6.0","0.7.0","0.7.1","0.8.0","0.8.1","0.9.0","1.0.0","1.0.1","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.3.0","1.3.0-rc1","1.3.0-rc2","1.3.0-rc3","1.3.0-rc4","1.3.0-rc5","1.3.0-rc6","1.3.0-rc7","1.3.0-rc8","1.3.0-rc9","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.4.0","1.4.0-beta1","1.4.0-beta2","1.4.0-beta3","1.4.0-rc1","1.4.1","1.4.10","1.4.11","1.4.12","1.4.13","1.4.14","1.4.15","1.4.16","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9","1.5.0","1.5.0-alpha1","1.5.0-alpha2","1.5.0-beta1","1.5.0-beta2","1.5.0-beta3","1.5.1","1.5.10","1.5.11","1.5.12","1.5.13","1.5.14","1.5.15","1.5.16","1.5.17","1.5.18","1.5.19","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.5.8","1.5.9","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25366.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}