3 matches found
@adobe/helix-cli (>=0.10.6 <=1.0.0), @berries/acai-cli (=1.3.5) +53 more potentially affected by CVE-2022-22984 via snyk-mvn-plugin (>=1.0.0 <=2.31.2)
snyk-mvn-plugin NPM version =1.0.0, =0.10.6, =8.0.36, =5.0.22, =3.10.42, =0.5.8, =3.2.4, =0.0.21, =2.6.1, =2.6.1, =5.0.0, =3.0.3-beta.1, =1.0.7, =1.0.9 and more Source cves: CVE-2022-22984 Source advisory: OSV:GHSA-4X6G-3CMX-W76R...
GHSA-4X6G-3CMX-W76R Snyk plugins vulnerable to Command Injection
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...
Command Injection
Overview snyk-mvn-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Maven projects that use mvn and have a pom.xml file. Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attacke...