CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 2CVE-2022-24441 – Code Injection
https://notcve.org/view.php?id=CVE-2022-24441
30 Nov 2022 — The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability may be triggered when running the the CLI tool directly, or when running a scan with one of the IDE plugins that invoke the Snyk CLI. Successful exploitation of this issue would likely require ... • https://github.com/snyk/snyk-eclipse-plugin/commit/b5a8bce25a359ced75f83a729fc6b2393fc9a495 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •