Lucene search
+L

6 matches found

veracode
veracode
added 2024/10/28 8:44 a.m.12 views

OS Command Injection

snyk-gradle-plugin is vulnerable to OS Command Injection. The vulnerability is due to the Snyk CLI's failure to correctly sanitize or validate the current working directory name, allowing for potential code injection when running scans on untrusted projects...

8.8CVSS7.2AI score0.0043EPSS
Exploits0References3Affected Software1
vulnersosv
vulnersosv
added 2024/10/23 9:30 p.m.10 views

@adobe/git-server (>=0.9.17 <=1.0.5), @adobe/helix-cli (>=0.3.0-SNAPSHOT.293 <=6.1.0) +69 more potentially affected by CVE-2024-48964 via snyk-gradle-plugin (>=1.0.2 <=3.9.0)

snyk-gradle-plugin NPM version =1.0.2, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.0.70, =0.5.8, =3.2.4, =0.1.3, =0.0.2, =0.0.3 and more Source cves: CVE-2024-48964 Source advisory: OSV:GHSA-QQQW-GM93-QF6M...

8.8CVSS5.8AI score0.0043EPSS
Exploits0
snyk
snyk
added 2024/10/23 10:35 a.m.3 views

Code Injection

Overview snyk-gradle-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Gradle projects. Affected versions of this package are vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrust...

8.8CVSS7AI score0.0043EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2022/11/30 3:30 p.m.3 views

@adobe/git-server (>=0.9.17 <=1.0.0), @adobe/helix-cli (>=0.3.0-SNAPSHOT.293 <=5.7.6) +49 more potentially affected by CVE-2022-22984 via snyk-gradle-plugin (>=1.0.2 <=3.24.2)

snyk-gradle-plugin NPM version =1.0.2, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =3.11.9, =0.0.70, =0.5.8, =3.2.4, =5.0.0, =3.0.3-beta.1, =1.0.7, =1.0.9 and more Source cves: CVE-2022-22984 Source advisory: OSV:GHSA-4X6G-3CMX-W76R...

6.3CVSS6.6AI score0.03007EPSS
Exploits1
osv
osv
added 2022/11/30 3:30 p.m.8 views

GHSA-4X6G-3CMX-W76R Snyk plugins vulnerable to Command Injection

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...

6.3CVSS7AI score0.03007EPSS
Exploits1References18
snyk
snyk
added 2022/09/29 1:34 p.m.1 views

Command Injection

Overview snyk-gradle-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Gradle projects. Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on t...

7.8CVSS7.8AI score0.03007EPSS
Exploits2References2
Rows per page
Query Builder