The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.
                
History

Wed, 30 Oct 2024 14:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | CWE-94 | |
| CPEs | cpe:2.3:a:snyk:snyk_cli:*:*:*:*:*:*:*:* | |

Thu, 24 Oct 2024 15:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Snyk Snyk snyk Cli Snyk snyk Gradle Plugin | |
| CPEs | cpe:2.3:a:snyk:snyk_cli:-:*:*:*:*:*:*:* cpe:2.3:a:snyk:snyk_gradle_plugin:*:*:*:*:*:*:*:* | |
| Vendors & Products | Snyk Snyk snyk Cli Snyk snyk Gradle Plugin | |
| Metrics | ssvc | |

Wed, 23 Oct 2024 18:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects. | |
| Weaknesses | CWE-78 | |
| References |  | |
| Metrics | cvssV3_1 | |

MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2024-10-23T18:24:42.404Z
Updated: 2024-10-24T13:48:00.580Z
Reserved: 2024-10-10T12:49:33.454Z
Link: CVE-2024-48964

Vulnrichment
Updated: 2024-10-24T13:47:54.871Z

NVD
Status: Analyzed
Published: 2024-10-23T19:15:19.833
Modified: 2024-10-30T13:46:31.657
Link: CVE-2024-48964

Redhat
No data.