CVE-2024-48964

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-48964

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48964.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-48964

Aliases

GHSA-qqqw-gm93-qf6m

Related

CGA-j5vv-8w7m-9fr5

Withdrawn

2024-10-31T00:45:19.181317Z

Published

2024-10-23T19:15:19Z

Modified

2024-10-30T15:40:03.401203Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.

References

https://github.com/snyk/snyk-gradle-plugin/commit/2f5ee7579f00660282dd161a0b79690f4a9c865d

Affected packages

Git / github.com/snyk/snyk-gradle-plugin

Affected ranges

Type: GIT
Repo: https://github.com/snyk/snyk-gradle-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2f5ee7579f00660282dd161a0b79690f4a9c865d

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.3.0

v1.3.1

v2.*

v2.0.0

v2.0.1

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.10.0

v2.10.1

v2.10.2

v2.10.3

v2.10.4

v2.11.0

v2.11.1

v2.11.2

v2.12.0

v2.12.1

v2.12.2

v2.12.3

v2.12.4

v2.12.5

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.5.0

v2.5.1

v2.6.0

v2.6.1

v2.7.0

v2.7.1

v2.8.0

v2.9.0

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.1.0

v3.10.0

v3.10.1

v3.10.2

v3.10.3

v3.11.0

v3.12.0

v3.12.1

v3.12.2

v3.12.3

v3.12.4

v3.12.5

v3.13.0

v3.13.1

v3.13.2

v3.14.0

v3.14.1

v3.14.2

v3.14.3

v3.14.4

v3.14.5

v3.15.0

v3.16.0

v3.16.1

v3.16.2

v3.17.0

v3.18.0

v3.18.1

v3.18.2

v3.18.3

v3.19.0

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.20.0

v3.20.1

v3.20.2

v3.21.0

v3.21.1

v3.22.0

v3.22.1

v3.22.2

v3.23.0

v3.23.1

v3.23.2

v3.24.0

v3.24.1

v3.24.2

v3.24.3

v3.24.4

v3.24.5

v3.24.6

v3.25.0

v3.25.1

v3.25.2

v3.26.0

v3.26.1

v3.26.2

v3.26.3

v3.26.4

v3.27.0

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.4.0

v3.5.0

v3.5.1

v3.5.2

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.7.0

v3.8.0

v3.9.0

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.1.0

v4.2.0

v4.3.0

v4.4.0