Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-48964

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.

Published

2024-10-23T19:15:19.833

Last Modified

2024-10-30T13:46:31.657

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	snyk	snyk_cli	< 1.1294.0	Yes

References

https://github.com/snyk/snyk-gradle-plugin/commit/2f5ee7579f00660282dd161a0b79690f4a9c865d Patch ([email protected])