The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.
References
Configurations
History
30 Oct 2024, 13:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/snyk/snyk-gradle-plugin/commit/2f5ee7579f00660282dd161a0b79690f4a9c865d - Patch | |
CWE | CWE-94 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:snyk:snyk_cli:*:*:*:*:*:*:*:* | |
First Time |
Snyk
Snyk snyk Cli |
25 Oct 2024, 12:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
23 Oct 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-23 19:15
Updated : 2024-10-30 13:46
NVD link : CVE-2024-48964
Mitre link : CVE-2024-48964
CVE.ORG link : CVE-2024-48964
JSON object : View
Products Affected
snyk
- snyk_cli