The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.
References
Link | Resource |
---|---|
https://github.com/snyk/snyk-php-plugin/releases/tag/v1.10.0 | Release Notes |
Configurations
History
30 Oct 2024, 14:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:snyk:snyk_cli:*:*:*:*:*:*:*:* | |
First Time |
Snyk
Snyk snyk Cli |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | () https://github.com/snyk/snyk-php-plugin/releases/tag/v1.10.0 - Release Notes |
25 Oct 2024, 12:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
23 Oct 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-23 19:15
Updated : 2024-10-30 14:54
NVD link : CVE-2024-48963
Mitre link : CVE-2024-48963
CVE.ORG link : CVE-2024-48963
JSON object : View
Products Affected
snyk
- snyk_cli
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')