21 matches found
EUVD-2022-7233
Malicious code in bioql PyPI...
snyk Code Injection vulnerability
The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application...
GHSA-4X6G-3CMX-W76R Snyk plugins vulnerable to Command Injection
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...
Snyk plugins vulnerable to Command Injection
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...
Code injection
The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...
Command injection
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...
CVE-2022-22984
Technical details (affected products/versions, root cause, fixes) for CVE-2022-22984 are not provided in the supplied documents. Monitor for updates from the listed sources for clarification and remediation guidance.
20ful (>=0.2.1 <=0.3.5), @a2r/telemetry (>=1.0.40 <=1.0.41) +1315 more potentially affected by CVE-2022-40764 via snyk (>=0.5.0 <=1.96.0)
snyk NPM version =0.5.0, =0.2.1, =1.0.40, =0.0.2, =2.0.8, =1.1.2, =2.1.0, =1.5.1, =1.11.0, =0.0.1-SNAPSHOT.4, =0.3.0-SNAPSHOT.293, =1.0.0, =0.8.1-pre.3, =6.1.4 and more Source cves: CVE-2022-40764 Source advisory: OSV:GHSA-HPQJ-7CJ6-HFJ8...
CVE-2022-40764
Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...
CVE-2022-40764
Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...
CVE-2022-40764
Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...
CVE-2022-40764
CVE-2022-40764 affects Snyk CLI and related IDE plugins; before 1.996.0, it allowed arbitrary command execution, potentially via viewing untrusted files in VS Code. The original demonstration involved shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1 and...
CVE-2022-40764
Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...
@candrewsintegralblue/snyk (=0.0.4), @commerce-apps/raml-toolkit (>=0.5.8 <=0.5.10) +2 more potentially affected by CVE-2022-22984 +1 more via @snyk/snyk-hex-plugin (>=1.0.0 <=1.1.4)
@snyk/snyk-hex-plugin NPM version =1.0.0, =0.5.8, =3.0.3-beta.1, =1.520.0, =1.684.0 Source cves: CVE-2022-22984, CVE-2022-40764 Source advisory: SNYK:JS-SNYKSNYKHEXPLUGIN-3039680...
addons-linter (>=1.3.6 <=1.4.0), imagemin-gm (=2.0.1) +1 more potentially affected by CVE-2022-22984 +1 more via snyk (>=1.103.2 <=1.105.0)
snyk NPM version =1.103.2, =1.3.6, =1.4.0 - imagemin-gm =2.0.1 - web-ext =2.9.2 Source cves: CVE-2022-22984, CVE-2022-40764 Source advisory: SNYK:JS-SNYK-3038622...
@adobe/git-server (>=1.0.3 <=1.0.5), @adobe/helix-cli (>=5.9.3 <=6.1.0) +30 more potentially affected by CVE-2022-22984 +1 more via @snyk/snyk-cocoapods-plugin (>=2.0.1 <=2.5.2)
@snyk/snyk-cocoapods-plugin NPM version =2.0.1, =1.0.3, =5.9.3, =2.17.2, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.5.8, =3.2.4, =0.0.2, =0.0.8, =0.2.0, =1.20.0-alpha.11736.3, =1.24.0-alpha.1 and more Source cves: CVE-2022-22984, CVE-2022-40764 Source advisory: SNYK:JS-SNYKSNYKCOCOAPODSPLUGIN-3038625...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to...
Command Injection
Overview snyk-gradle-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Gradle projects. Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on t...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to...
addons-linter (>=1.3.6 <=1.4.0), imagemin-gm (=2.0.1) +1 more potentially affected by CVE-2022-24441 +1 more via snyk (>=1.103.2 <=1.105.0)
snyk NPM version =1.103.2, =1.3.6, =1.4.0 - imagemin-gm =2.0.1 - web-ext =2.9.2 Source cves: CVE-2022-24441, CVE-2022-40764 Source advisory: SNYK:JS-SNYK-3111871...