GHSA-qqqw-gm93-qf6m

Опубликовано: 23 окт. 2024

Источник: github

Github: Прошло ревью

CVSS4: 7.5

CVSS3: 7.5

Описание

OS Command Injection in Snyk gradle plugin

The Snyk gradle plugin is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.

Ссылки

Пакеты

Наименование

snyk-gradle-plugin

npm

Затронутые версииВерсия исправления

< 4.5.0

4.5.0

EPSS

Процентиль: 22%

0.00072

Низкий

7.5 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2024-48964

Дефекты

CWE-78

CWE-94

Связанные уязвимости

CVE-2024-48964

CVSS3: 7.5

nvd

больше 1 года назад

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.

EPSS

Процентиль: 22%

0.00072

Низкий

7.5 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2024-48964

Дефекты

CWE-78

CWE-94