CVE-2022-22984: OS Command Injection in Snyk-cocoapods-plugin

Severity
6.3 MEDIUM (NVD)
GHSA 7.8, OSV 7.8
EPSS
4.7%
top 10.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 30
Latest update: Jul 31

Description

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A succe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.4

Affected Packages (14 packages)

CVEListV5 | snyk/snyk-cocoapods-plugin | unspecified | 2.5.3
CVEListV5 | snyk/snyk-hex-plugin | unspecified | 1.1.6

Patches

🔴Vulnerability Details

2
GHSA
Snyk plugins vulnerable to Command Injection (2022-11-30)
OSV
Snyk plugins vulnerable to Command Injection (2022-11-30)

📋Vendor Advisories

1
Red Hat
snyk: snyk-hex-plugin: command injection (2022-11-30)

📄Research Papers

1
arXiv
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights (2024-07-31)
CVE-2022-22984 — OS Command Injection | cvebase