Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xcXF3LWdtOTMtcWY2bc4ABAnQ
OS Command Injection in Snyk gradle plugin
The Snyk gradle plugin is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.
Permalink: https://github.com/advisories/GHSA-qqqw-gm93-qf6mJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xcXF3LWdtOTMtcWY2bc4ABAnQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Percentage: 0.00077
EPSS Percentile: 0.35545
Identifiers: GHSA-qqqw-gm93-qf6m, CVE-2024-48964
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-48964
- https://github.com/snyk/snyk-gradle-plugin/commit/2f5ee7579f00660282dd161a0b79690f4a9c865d
- https://github.com/advisories/GHSA-qqqw-gm93-qf6m
Blast Radius: 28.7
Affected Packages
npm:snyk-gradle-plugin
Dependent packages: 3Dependent repositories: 6,724
Downloads: 52,854 last month
Affected Version Ranges: < 4.5.0
Fixed in: 4.5.0
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.3.0, 1.3.1, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.8.0, 2.9.0, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.11.0, 2.11.1, 2.11.2, 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.12.4, 2.12.5, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.5.0, 3.5.1, 3.5.2, 3.6.2, 3.6.3, 3.7.0, 3.8.0, 3.9.0, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 3.11.0, 3.12.0, 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.13.0, 3.13.1, 3.13.2, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.15.0, 3.16.0, 3.16.1, 3.16.2, 3.17.0, 3.18.0, 3.18.1, 3.18.2, 3.18.3, 3.19.0, 3.20.0, 3.20.1, 3.20.2, 3.21.0, 3.21.1, 3.22.0, 3.22.1, 3.22.2, 3.23.0, 3.23.1, 3.23.2, 3.24.0, 3.24.1, 3.24.2, 3.24.3, 3.24.4, 3.24.5, 3.24.6, 3.25.0, 3.25.1, 3.25.2, 3.26.0, 3.26.1, 3.26.2, 3.26.3, 3.26.4, 3.27.0, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.2.0, 4.3.0, 4.4.0
All unaffected versions: 4.5.0, 4.6.0, 4.7.0, 4.8.0, 4.9.0