Bug 2149734 (CVE-2022-22984) - CVE-2022-22984 snyk: snyk-hex-plugin: command injection
Summary: CVE-2022-22984 snyk: snyk-hex-plugin: command injection
Keywords:
Status: NEW
Alias: CVE-2022-22984
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2149702
 
Reported: 2022-11-30 17:58 UTC by Anten Skrabec
Modified: 2023-09-01 04:22 UTC

Fixed In Version: snyk-hex-plugin 1.1.6
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Anten Skrabec 2022-11-30 17:58:37 UTC
A vulnerability was found in the snyk-hex-plugin for snyk that allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags.