CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-48964
https://notcve.org/view.php?id=CVE-2024-48964
23 Oct 2024 — The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects. • https://github.com/snyk/snyk-gradle-plugin/commit/2f5ee7579f00660282dd161a0b79690f4a9c865d • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 9CVE-2022-22984 – Command Injection
https://notcve.org/view.php?id=CVE-2022-22984
30 Nov 2022 — The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploi... • https://github.com/snyk/cli/commit/80d97a93326406e09776156daf72e3caa03ae25a • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •