Quill Server-Side Request Forgery Vulnerability in Notarization Log Retrieval

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability exists in Quill versions prior to 0.7.1. This issue arises when Quill fetches Apple notarization submission logs, as the application does not validate the URL scheme or ensure that the host does not point to local or multicast IP addresses. Exploitation requires the ability to modify API responses from Apple's notarization service, which is generally not feasible under standard network conditions due to HTTPS and proper TLS certificate validation. However, environments with TLS-intercepting proxies, compromised certificate authorities, or other trust boundary violations are at risk. An attacker who can tamper with the response could supply an arbitrary URL, leading the Quill client to make HTTP or HTTPS requests to attacker-controlled or internal network destinations. This could result in the exfiltration of sensitive data, such as cloud provider credentials or internal service responses. Both the Quill CLI and library are affected when used to retrieve notarization submission logs.
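The advisory describes two missing checks on the URL Quill receives for the submission log: the scheme is not restricted, and the host is not verified to be outside local and multicast ranges. The following is an added example, not Quill's own code or its fix, showing what such a check looks like in Go. `ValidateLogURL`, `disallowedAddr`, `Resolver` and `fakeLookup` are hypothetical names chosen here; the resolver is injected and backed by a constructed host table so the example runs offline. Every address a host resolves to is checked, so a name with one public and one internal record is rejected as well.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"net/url"
)

// Resolver maps a host name to the addresses it resolves to. It is a
// parameter so the check can be exercised offline; in real use wrap
// net.DefaultResolver.LookupNetIP. (Hypothetical type for this example.)
type Resolver func(host string) ([]netip.Addr, error)

// ValidateLogURL accepts only https URLs whose host is, or resolves
// exclusively to, public unicast addresses. (Hypothetical helper.)
func ValidateLogURL(raw string, resolve Resolver) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("parse log URL: %w", err)
	}
	if u.Scheme != "https" {
		return fmt.Errorf("log URL scheme %q is not https", u.Scheme)
	}
	if u.User != nil {
		return errors.New("log URL must not carry userinfo")
	}
	host := u.Hostname()
	if host == "" {
		return errors.New("log URL has no host")
	}

	var addrs []netip.Addr
	if ip, perr := netip.ParseAddr(host); perr == nil {
		addrs = []netip.Addr{ip} // IP literal: no lookup needed
	} else {
		addrs, err = resolve(host)
		if err != nil {
			return fmt.Errorf("resolve %q: %w", host, err)
		}
		if len(addrs) == 0 {
			return fmt.Errorf("%q resolved to no addresses", host)
		}
	}
	for _, a := range addrs {
		if reason := disallowedAddr(a); reason != "" {
			return fmt.Errorf("log URL host %q resolves to %s (%s)", host, a, reason)
		}
	}
	return nil
}

// disallowedAddr returns a non-empty reason when a is not a public
// unicast address. IPv4-mapped IPv6 forms are unmapped first so that
// ::ffff:127.0.0.1 is judged like 127.0.0.1.
func disallowedAddr(a netip.Addr) string {
	a = a.Unmap()
	switch {
	case a.IsUnspecified():
		return "unspecified address"
	case a.IsLoopback():
		return "loopback address"
	case a.IsPrivate():
		return "private address"
	case a.IsLinkLocalUnicast():
		return "link-local address (includes cloud metadata endpoints)"
	case a.IsMulticast(), a.IsLinkLocalMulticast(), a.IsInterfaceLocalMulticast():
		return "multicast address"
	case !a.IsGlobalUnicast():
		return "not a global unicast address"
	}
	return ""
}

// fakeLookup is a constructed resolver table so the example runs offline.
func fakeLookup(host string) ([]netip.Addr, error) {
	table := map[string][]netip.Addr{
		"logs.example.com":    {netip.MustParseAddr("203.0.113.10")},
		"rebound.example.com": {netip.MustParseAddr("203.0.113.10"), netip.MustParseAddr("10.0.0.5")},
	}
	if addrs, ok := table[host]; ok {
		return addrs, nil
	}
	return nil, fmt.Errorf("no such host %q", host)
}

func main() {
	for _, raw := range []string{
		"https://logs.example.com/submission/log.json", // accepted
		"http://logs.example.com/submission/log.json",  // wrong scheme
		"file:///etc/hosts",                            // wrong scheme
		"https://127.0.0.1/",                           // loopback
		"https://[::ffff:10.1.2.3]/",                   // mapped private
		"https://[ff02::1]/",                           // multicast
		"https://rebound.example.com/",                 // mixed records
	} {
		if err := ValidateLogURL(raw, fakeLookup); err != nil {
			fmt.Printf("reject %s: %v\n", raw, err)
		} else {
			fmt.Printf("accept %s\n", raw)
		}
	}
}
```

A check that resolves the name once and then hands the URL to an HTTP client still leaves a window in which a second lookup at dial time can return a different address. Production code should therefore also apply the address test inside the dialer (for example in `net.Dialer.Control`, which sees the concrete address being connected to), so the address that was checked is the one actually used.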

Impact

Exploitation of this vulnerability could allow for unauthorized HTTP or HTTPS requests to be made from the Quill client to attacker-controlled or internal network destinations, potentially leading to the exfiltration of sensitive data such as cloud provider credentials or internal service responses.

Remediation

Users can upgrade to Quill version 0.7.1 to address this vulnerability.

Added: Mar 11, 2026, 8:26 PM
Updated: Mar 11, 2026, 8:26 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          3.1
  exploitability  5.6
  remediation     0.0
  relevance       3.8
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.