Lucene search
K

7 matches found

OSV
OSV
added 2024/10/28 12:30 a.m.17 views

GHSA-HXF3-VGPM-FV9P CycloneDX cdxgen may execute code contained within build-related files

CycloneDX cdxgen prior to 11.1.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...

7.1CVSS7.9AI score0.00831EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2023/07/06 7:24 p.m.4 views

@remy/protect-test (>=1.0.5 <=1.0.10), addons-linter (>=1.3.6 <=1.4.0) +2 more potentially affected by CVE-2022-24441 via snyk (>=0.5.0 <=1.105.0)

snyk NPM version =0.5.0, =1.0.5, =1.3.6, =1.4.0 - imagemin-gm =2.0.1 - web-ext =2.9.2 Source cves: CVE-2022-24441 Source advisory: OSV:GHSA-4VRV-93C7-M92J...

8.8CVSS7.2AI score0.00718EPSS
Exploits1
NVD
NVD
added 2022/11/30 1:15 p.m.20 views

CVE-2022-24441

The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...

8.8CVSS0.00718EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2022/11/30 12:0 a.m.7 views

CVE-2022-24441 Code Injection

The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...

5.8CVSS8.9AI score0.00718EPSS
Exploits1References7
OSV
OSV
added 2022/11/30 12:0 a.m.31 views

CVE-2022-24441 Code Injection

The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...

5.8CVSS7.1AI score0.00718EPSS
Exploits1References9
CVE
CVE
added 2022/11/30 12:0 a.m.97 views

CVE-2022-24441

CVE-2022-24441 relates to a code injection flaw in Snyk when analyzing a project. According to the provided description, snyk before 1.1064.0 can be leveraged by convincing a user to scan a malicious project, including commands in build files (e.g., build.gradle or gradle-wrapper.jar), which will...

8.8CVSS6.5AI score0.00718EPSS
Exploits1References7Affected Software3
vulnersOsv
vulnersOsv
added 2022/09/29 1:34 p.m.5 views

addons-linter (>=1.3.6 <=1.4.0), imagemin-gm (=2.0.1) +1 more potentially affected by CVE-2022-24441 +1 more via snyk (>=1.103.2 <=1.105.0)

snyk NPM version =1.103.2, =1.3.6, =1.4.0 - imagemin-gm =2.0.1 - web-ext =2.9.2 Source cves: CVE-2022-24441, CVE-2022-40764 Source advisory: SNYK:JS-SNYK-3111871...

8.8CVSS6.9AI score0.00718EPSS
Exploits2
Rows per page
Query Builder