
864 matches found

CNNVD
added 2024/10/27 12:0 a.m. · 2 views

CycloneDX Generator Security Vulnerability

CycloneDX Generator cdxgen is a CLI tool, library, REPL and server for CycloneDX open source. It is used to create valid and compatible CycloneDX bill of materials. A security vulnerability exists in CycloneDX Generator version 10.10.7 and prior versions, which stems from the possibility of...

7.2 CVSS · 6.8 AI score · 0.00831 EPSS
Exploits 0 · References 3

vulnersOsv
added 2024/10/23 9:30 p.m. · 6 views

@adobe/git-server (>=0.9.17 <=1.0.5), @adobe/helix-cli (>=0.3.0-SNAPSHOT.293 <=6.1.0) +69 more potentially affected by CVE-2024-48964 via snyk-gradle-plugin (>=1.0.2 <=3.9.0)

snyk-gradle-plugin NPM version =1.0.2, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.0.70, =0.5.8, =3.2.4, =0.1.3, =0.0.2, =0.0.3 and more Source cves: CVE-2024-48964 Source advisory: OSV:GHSA-QQQW-GM93-QF6M...

8.8 CVSS · 5.8 AI score · 0.0043 EPSS
Exploits 0

Github Security Blog
added 2024/10/23 9:30 p.m. · 16 views

OS Command Injection in Snyk gradle plugin

The Snyk gradle plugin is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects...

8.8 CVSS · 7.5 AI score · 0.0043 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/10/23 9:30 p.m. · 14 views

GHSA-QQQW-GM93-QF6M OS Command Injection in Snyk gradle plugin

The Snyk gradle plugin is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects...

7.5 CVSS · 8.2 AI score · 0.0043 EPSS
Exploits 0 · References 3

NVD
added 2024/10/23 7:15 p.m. · 18 views

CVE-2024-48964

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning...

8.8 CVSS · 0.0043 EPSS
Exploits 0 · References 1

OSV
added 2024/10/23 7:15 p.m. · 9 views

CVE-2024-48964

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning...

8.8 CVSS · 7.1 AI score
Exploits 0 · References 1

Cvelist
added 2024/10/23 6:24 p.m. · 20 views

CVE-2024-48964

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning...

7.5 CVSS · 0.0043 EPSS
Exploits 0 · References 1

CVE
added 2024/10/23 6:24 p.m. · 279 views

CVE-2024-48964

The CVE-2024-48964 entry concerns the Snyk CLI prior to 1.1294.0, vulnerable to Code Injection when scanning an untrusted Gradle project due to improper handling of the current working directory name. Affected software: Snyk CLI (pre-1.1294.0). Impact: potential code injection during a test run i...

8.8 CVSS · 7.3 AI score · 0.0043 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/10/23 6:24 p.m. · 12 views

CVE-2024-48964

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning...

7.5 CVSS · 7.2 AI score · 0.0043 EPSS
Exploits 0 · References 1

Snyk
added 2024/10/23 10:35 a.m. · 2 views

Code Injection

Overview snyk-gradle-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Gradle projects. Affected versions of this package are vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrust...

8.8 CVSS · 7 AI score · 0.0043 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/10/23 12:0 a.m. · 3 views

PT-2024-33301 · Snyk · Snyk Cli

Name of the Vulnerable Software and Affected Versions: Snyk CLI versions prior to 1.1294.0 Description: The issue is related to Code Injection when scanning an untrusted Gradle project. It can be triggered if a test is run inside the untrusted project due to the improper handling of the current...

8.8 CVSS · 7.2 AI score · 0.0043 EPSS
Exploits 0 · References 6

CNNVD
added 2024/10/23 12:0 a.m. · 2 views

Snyk CLI Security Vulnerability

Snyk CLI is a build-time tool from Snyk USA for finding and fixing known vulnerabilities in projects. A security vulnerability exists in Snyk CLI versions prior to 1.1294.0 that stems from vulnerability to code injection attacks when scanning for untrusted Gradle projects...

8.8 CVSS · 7.1 AI score · 0.0043 EPSS
Exploits 0 · References 1

Spring Engineering
added 2024/10/22 12:0 a.m. · 9 views

Leverage the Power of 45k, free, Hugging Face Models with Spring AI and Ollama

This blog post is co-authored by our great contributor Thomas Vitale. Ollama now supports all GGUF models from Hugging Face , allowing access to over 45,000 community-created models through Spring AI's Ollama integration, runnable locally. We'll explore using this new feature with Spring AI. The...

7.1 AI score
Exploits 0

vulnersOsv
added 2024/09/19 4:6 p.m. · 7 views

build.less:build.less.gradle.plugin (>=1.0.0-beta1 <=1.0.0-rc2), build.less:buildless-plugin-gradle (>=1.0.0-beta1 <=1.0.0-rc2) +178 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-kotlin (>=3.17.3 <=3.25.3)

com.google.protobuf:protobuf-kotlin MAVEN version =3.17.3, =1.0.0-beta1, =1.0.0-beta1, =7.0.0, =0.5.0, =0.0.1-alpha02, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =32.1.0-alpha04 and more S...

8.7 CVSS · 6.8 AI score · 0.0279 EPSS
Exploits 0

OpenVAS
added 2024/09/07 12:0 a.m. · 10 views

openSUSE Security Advisory (SUSE-SU-2024:3163-1)

The remote host is missing an update for the...

6.9 CVSS · 6.3 AI score · 0.00291 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2024/09/07 12:0 a.m. · 14 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2024:3163-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3163-1 advisory. - CVE-2023-35946: Fixed a dependency issue leading the cache to write files into an unintended location...

6.9 CVSS · 6.7 AI score · 0.00291 EPSS
Exploits 0 · References 4

OSV
added 2024/09/06 10:18 a.m. · 8 views

SUSE-SU-2024:3163-1 Security update for gradle

This update for gradle fixes the following issues: - CVE-2023-35946: Fixed a dependency issue leading the cache to write files into an unintended location. bsc1212930...

6.9 CVSS · 6 AI score · 0.00291 EPSS
Exploits 0 · References 3

Spring Engineering
added 2024/08/15 12:0 a.m. · 10 views

A Bootiful Podcast: Gradle and Develocity engineer and Spring community legend Eric Haag

Hi, Spring fans! In this episode I talk to Gradle and Develocity engineer and Spring community legend Eric Haag...

7.2 AI score
Exploits 0

OSV
added 2024/06/15 12:0 a.m. · 19 views

OPENSUSE-SU-2024:10817-1 gradle-4.4.1-7.2 on GA media

These are all security issues fixed in the gradle-4.4.1-7.2 package on the GA media of openSUSE Tumbleweed...

5.9 CVSS · 6.1 AI score · 0.01025 EPSS
Exploits 1 · References 1

Spring Engineering
added 2024/06/10 12:0 a.m. · 12 views

This Week in Spring - June 11th, 2024

This Week in Spring - June 10th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Paris, France, to talk to organizations using and working with Spring. Then, next week, it's off to Krakow, Poland, for the amazing Devoxx PL event! I can't wait. If you're around,...

7 AI score
Exploits 0