7 matches found
GHSA-HXF3-VGPM-FV9P CycloneDX cdxgen may execute code contained within build-related files
CycloneDX cdxgen prior to 11.1.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...
@remy/protect-test (>=1.0.5 <=1.0.10), addons-linter (>=1.3.6 <=1.4.0) +2 more potentially affected by CVE-2022-24441 via snyk (>=0.5.0 <=1.105.0)
snyk NPM version =0.5.0, =1.0.5, =1.3.6, =1.4.0 - imagemin-gm =2.0.1 - web-ext =2.9.2 Source cves: CVE-2022-24441 Source advisory: OSV:GHSA-4VRV-93C7-M92J...
CVE-2022-24441
The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...
CVE-2022-24441 Code Injection
The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...
CVE-2022-24441 Code Injection
The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...
CVE-2022-24441
CVE-2022-24441 relates to a code injection flaw in Snyk when analyzing a project. According to the provided description, snyk before 1.1064.0 can be leveraged by convincing a user to scan a malicious project, including commands in build files (e.g., build.gradle or gradle-wrapper.jar), which will...
addons-linter (>=1.3.6 <=1.4.0), imagemin-gm (=2.0.1) +1 more potentially affected by CVE-2022-24441 +1 more via snyk (>=1.103.2 <=1.105.0)
snyk NPM version =1.103.2, =1.3.6, =1.4.0 - imagemin-gm =2.0.1 - web-ext =2.9.2 Source cves: CVE-2022-24441, CVE-2022-40764 Source advisory: SNYK:JS-SNYK-3111871...