CVE-2022-25914

Опубликовано: 08 сент. 2022

Источник: nvd

CVSS3: 5.6

CVSS3: 9.8

EPSS Низкий

Описание

The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.

Ссылки

https://github.com/GoogleContainerTools/jib/commit/67fa40bc2c484da0546333914ea07a89fe44eaaf
Patch
Third Party Advisory
https://github.com/GoogleContainerTools/jib/pull/3744
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECLOUDTOOLS-2968871
Third Party Advisory
https://github.com/GoogleContainerTools/jib/commit/67fa40bc2c484da0546333914ea07a89fe44eaaf
Patch
Third Party Advisory
https://github.com/GoogleContainerTools/jib/pull/3744
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECLOUDTOOLS-2968871
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jib_project:jib:*:*:*:*:*:*:*:*

Версия до 0.22.0 (исключая)

EPSS

Процентиль: 88%

0.03874

Низкий

5.6 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2022-25914

CVSS3: 9.8

redhat

больше 3 лет назад

The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.

GHSA-936v-cg49-m2g5

CVSS3: 9.8

github

больше 3 лет назад

com.google.cloud.tools:jib-core vulnerable to Remote Code Execution (RCE)

EPSS

Процентиль: 88%

0.03874

Низкий

5.6 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo