Evernote: >> Evernote >> 7.2.1 Security Vulnerabilities
Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.
CVSS Score
7.8
EPSS Score
0.004
Published
2019-09-30
In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-12-11