cvedb.io
CVE-2024-48964
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2024-10-23T19:15:19.833 · Last modified 2026-06-17T07:59:08.103

Summary

The Snyk CLI package before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if snyk test is run inside the untrusted project, due to improper handling of the current working directory name. Snyk recommends only scanning trusted projects.

Affected products

snyk — snyk_cli

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.