Lucene search
K

21 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-7233

Malicious code in bioql PyPI...

6.3CVSS6.4AI score0.03007EPSS
Exploits1References19
Github Security Blog
Github Security Blog
added 2023/07/06 7:24 p.m.30 views

snyk Code Injection vulnerability

The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application...

8.8CVSS7.4AI score0.00718EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2022/11/30 3:30 p.m.1 views

GHSA-4X6G-3CMX-W76R Snyk plugins vulnerable to Command Injection

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...

6.3CVSS7AI score0.03007EPSS
Exploits1References18
Github Security Blog
Github Security Blog
added 2022/11/30 3:30 p.m.36 views

Snyk plugins vulnerable to Command Injection

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...

6.3CVSS2.9AI score0.03007EPSS
Exploits1References19Affected Software8
Prion
Prion
added 2022/11/30 1:15 p.m.24 views

Code injection

The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...

6.8CVSS7.1AI score0.00718EPSS
Exploits2References7Affected Software3
Prion
Prion
added 2022/11/30 1:15 p.m.19 views

Command injection

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...

6.5CVSS7.5AI score0.03007EPSS
Exploits2References17Affected Software8
CVE
CVE
added 2022/11/30 12:0 a.m.115 views

CVE-2022-22984

Technical details (affected products/versions, root cause, fixes) for CVE-2022-22984 are not provided in the supplied documents. Monitor for updates from the listed sources for clarification and remediation guidance.

6.3CVSS7AI score0.03007EPSS
Exploits1References17Affected Software8
vulnersOsv
vulnersOsv
added 2022/10/04 12:0 a.m.5 views

20ful (>=0.2.1 <=0.3.5), @a2r/telemetry (>=1.0.40 <=1.0.41) +1315 more potentially affected by CVE-2022-40764 via snyk (>=0.5.0 <=1.96.0)

snyk NPM version =0.5.0, =0.2.1, =1.0.40, =0.0.2, =2.0.8, =1.1.2, =2.1.0, =1.5.1, =1.11.0, =0.0.1-SNAPSHOT.4, =0.3.0-SNAPSHOT.293, =1.0.0, =0.8.1-pre.3, =6.1.4 and more Source cves: CVE-2022-40764 Source advisory: OSV:GHSA-HPQJ-7CJ6-HFJ8...

7.8CVSS6.8AI score0.00529EPSS
Exploits1
NVD
NVD
added 2022/10/03 3:15 p.m.36 views

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

7.8CVSS0.00529EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/10/03 3:15 p.m.4 views

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

7.8CVSS5.9AI score0.00529EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/10/03 2:3 p.m.42 views

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

7.3AI score0.00529EPSS
Exploits1References4
CVE
CVE
added 2022/10/03 2:3 p.m.88 views

CVE-2022-40764

CVE-2022-40764 affects Snyk CLI and related IDE plugins; before 1.996.0, it allowed arbitrary command execution, potentially via viewing untrusted files in VS Code. The original demonstration involved shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1 and...

7.8CVSS6.9AI score0.00529EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2022/10/03 2:3 p.m.24 views

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

7.8CVSS7.8AI score0.00529EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2022/09/29 1:34 p.m.6 views

@candrewsintegralblue/snyk (=0.0.4), @commerce-apps/raml-toolkit (>=0.5.8 <=0.5.10) +2 more potentially affected by CVE-2022-22984 +1 more via @snyk/snyk-hex-plugin (>=1.0.0 <=1.1.4)

@snyk/snyk-hex-plugin NPM version =1.0.0, =0.5.8, =3.0.3-beta.1, =1.520.0, =1.684.0 Source cves: CVE-2022-22984, CVE-2022-40764 Source advisory: SNYK:JS-SNYKSNYKHEXPLUGIN-3039680...

7.8CVSS6.7AI score0.03007EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2022/09/29 1:34 p.m.7 views

addons-linter (>=1.3.6 <=1.4.0), imagemin-gm (=2.0.1) +1 more potentially affected by CVE-2022-22984 +1 more via snyk (>=1.103.2 <=1.105.0)

snyk NPM version =1.103.2, =1.3.6, =1.4.0 - imagemin-gm =2.0.1 - web-ext =2.9.2 Source cves: CVE-2022-22984, CVE-2022-40764 Source advisory: SNYK:JS-SNYK-3038622...

7.8CVSS6.7AI score0.03007EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2022/09/29 1:34 p.m.4 views

@adobe/git-server (>=1.0.3 <=1.0.5), @adobe/helix-cli (>=5.9.3 <=6.1.0) +30 more potentially affected by CVE-2022-22984 +1 more via @snyk/snyk-cocoapods-plugin (>=2.0.1 <=2.5.2)

@snyk/snyk-cocoapods-plugin NPM version =2.0.1, =1.0.3, =5.9.3, =2.17.2, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.5.8, =3.2.4, =0.0.2, =0.0.8, =0.2.0, =1.20.0-alpha.11736.3, =1.24.0-alpha.1 and more Source cves: CVE-2022-22984, CVE-2022-40764 Source advisory: SNYK:JS-SNYKSNYKCOCOAPODSPLUGIN-3038625...

7.8CVSS6.7AI score0.03007EPSS
Exploits2
Snyk
Snyk
added 2022/09/29 1:34 p.m.2 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to...

7.8CVSS7.1AI score0.03007EPSS
Exploits2References2
Snyk
Snyk
added 2022/09/29 1:34 p.m.1 views

Command Injection

Overview snyk-gradle-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Gradle projects. Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on t...

7.8CVSS7.8AI score0.03007EPSS
Exploits2References2
Snyk
Snyk
added 2022/09/29 1:34 p.m.2 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to...

7.8CVSS7.9AI score0.03007EPSS
Exploits2References2
vulnersOsv
vulnersOsv
added 2022/09/29 1:34 p.m.5 views

addons-linter (>=1.3.6 <=1.4.0), imagemin-gm (=2.0.1) +1 more potentially affected by CVE-2022-24441 +1 more via snyk (>=1.103.2 <=1.105.0)

snyk NPM version =1.103.2, =1.3.6, =1.4.0 - imagemin-gm =2.0.1 - web-ext =2.9.2 Source cves: CVE-2022-24441, CVE-2022-40764 Source advisory: SNYK:JS-SNYK-3111871...

8.8CVSS6.9AI score0.00718EPSS
Exploits2
Rows per page
Query Builder