EUVD-2022-6750

Malicious code in bioql PyPI...

Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update is now available for Migration Toolkit for Runtimes v1.0.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

jib-core: RCE via the isDockerInstalled

A flaw was found in the jib-core package. This flaw allows an attacker to execute remote code into its target...

CVE-2022-25914

A flaw was found in the jib-core package. This flaw allows an attacker to execute remote code into its target...

Remote Code Execution

com.google.cloud.tools:jib-core is vulnerable to remote code execution. The executables are run without verifying whether the provided docker path is accurate, which allows a remote attacker to upload and execute malicious code via the vulnerable isDockerInstalled function...

au.net.causal.maven.plugins:boxdb-maven-plugin (=3.2), co.elastic.docker-base:co.elastic.docker-base.gradle.plugin (>=0.0.1 <=0.0.5) +78 more potentially affected by CVE-2022-25914 via com.google.cloud.tools:jib-core (>=0.10.0 <=0.21.0)

com.google.cloud.tools:jib-core MAVEN version =0.10.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =1.0, =0.4.0, =0.34.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.4.2 and more Source cves: CVE-2022-25914 Source advisory: OSV:GHSA-936V-CG49-M2G5...

GHSA-936V-CG49-M2G5 com.google.cloud.tools:jib-core vulnerable to Remote Code Execution (RCE)

The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution RCE via the isDockerInstalled function, due to attempting to execute input...

Remote code execution

The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution RCE via the isDockerInstalled function, due to attempting to execute input...

CVE-2022-25914

CVE-2022-25914 affects the jib-core library from Google Cloud Tools (versions before 0.22.0). The impact is Remote Code Execution via the isDockerInstalled function when handling input, as documented across multiple sources (GHSA, NVD, OSV). Affected component: com.google.cloud.tools:jib-core; ro...

CVE-2022-25914

The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution RCE via the isDockerInstalled function, due to attempting to execute input...

PT-2022-17601 · Google · Jib-Core

Name of the Vulnerable Software and Affected Versions: com.google.cloud.tools:jib-core versions prior to 0.22.0 Description: The issue allows for Remote Code Execution RCE via the isDockerInstalled function, due to attempting to execute input. Recommendations: For versions prior to 0.22.0, update...

au.net.causal.maven.plugins:boxdb-maven-plugin (=3.2), co.elastic.docker-base:co.elastic.docker-base.gradle.plugin (>=0.0.1 <=0.0.5) +78 more potentially affected by CVE-2022-25914 via com.google.cloud.tools:jib-core (>=0.10.0 <=0.21.0)

com.google.cloud.tools:jib-core MAVEN version =0.10.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =1.0, =0.4.0, =0.34.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.4.2 and more Source cves: CVE-2022-25914 Source advisory: SNYK:JAVA-COMGOOGLECLOUDTOOLS-2968871...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the isDockerInstalled function, due to attempting to execute input. PoC: java public static void poc Path path = Paths.get"whoami"; DockerClient.isDockerInstalledpath; Remediation Upgrade...