GHSA-936v-cg49-m2g5

Suggest an improvement
Source
https://github.com/advisories/GHSA-936v-cg49-m2g5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-936v-cg49-m2g5/GHSA-936v-cg49-m2g5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-936v-cg49-m2g5
Aliases
Published
2022-09-09T00:00:57Z
Modified
2024-12-06T05:30:23.850461Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
com.google.cloud.tools:jib-core vulnerable to Remote Code Execution (RCE)
Details

The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.

Database specific
{
    "nvd_published_at": "2022-09-08T05:15:00Z",
    "cwe_ids": [],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-15T03:33:26Z"
}
References

Affected packages

Maven / com.google.cloud.tools:jib-core

Package

Name
com.google.cloud.tools:jib-core
View open source insights on deps.dev
Purl
pkg:maven/com.google.cloud.tools/jib-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.22.0

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.9.0
0.9.1
0.9.2
0.10.0
0.10.1
0.11.0
0.12.0
0.13.0
0.13.1
0.14.0
0.15.0
0.16.0
0.17.0
0.18.0
0.19.0
0.20.0
0.21.0