6 matches found
OS Command Injection
snyk-gradle-plugin is vulnerable to OS Command Injection. The vulnerability is due to the Snyk CLI's failure to correctly sanitize or validate the current working directory name, allowing for potential code injection when running scans on untrusted projects...
@adobe/git-server (>=0.9.17 <=1.0.5), @adobe/helix-cli (>=0.3.0-SNAPSHOT.293 <=6.1.0) +69 more potentially affected by CVE-2024-48964 via snyk-gradle-plugin (>=1.0.2 <=3.9.0)
snyk-gradle-plugin NPM version =1.0.2, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.0.70, =0.5.8, =3.2.4, =0.1.3, =0.0.2, =0.0.3 and more Source cves: CVE-2024-48964 Source advisory: OSV:GHSA-QQQW-GM93-QF6M...
Code Injection
Overview snyk-gradle-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Gradle projects. Affected versions of this package are vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrust...
@adobe/git-server (>=0.9.17 <=1.0.0), @adobe/helix-cli (>=0.3.0-SNAPSHOT.293 <=5.7.6) +49 more potentially affected by CVE-2022-22984 via snyk-gradle-plugin (>=1.0.2 <=3.24.2)
snyk-gradle-plugin NPM version =1.0.2, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =3.11.9, =0.0.70, =0.5.8, =3.2.4, =5.0.0, =3.0.3-beta.1, =1.0.7, =1.0.9 and more Source cves: CVE-2022-22984 Source advisory: OSV:GHSA-4X6G-3CMX-W76R...
GHSA-4X6G-3CMX-W76R Snyk plugins vulnerable to Command Injection
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...
Command Injection
Overview snyk-gradle-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Gradle projects. Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on t...