CVE-2022-22984 (GCVE-0-2022-22984)
Vulnerability from cvelistv5
Published
2022-11-30 00:00
Modified
2025-04-25 14:34
Severity ?
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P
CWE
  • Command Injection
Summary
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://hub.docker.com/r/snyk/snyk as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605.
References
report@snyk.io https://github.com/snyk/cli/commit/80d97a93326406e09776156daf72e3caa03ae25a Patch, Third Party Advisory
report@snyk.io https://github.com/snyk/snyk-cocoapods-plugin/commit/c73e049c5200772babde61c40aab57296bf91381 Patch, Third Party Advisory
report@snyk.io https://github.com/snyk/snyk-docker-plugin/commit/d730d7630691a61587b120bb11daaaf4b58a8357 Patch, Third Party Advisory
report@snyk.io https://github.com/snyk/snyk-gradle-plugin/commit/bb1c1c72a75e97723a76b14d2d73f70744ed5009 Patch, Third Party Advisory
report@snyk.io https://github.com/snyk/snyk-hex-plugin/commit/e8dd2a330b40d7fc0ab47e34413e80a0146d7ac3 Patch, Third Party Advisory
report@snyk.io https://github.com/snyk/snyk-mvn-plugin/commit/02cda9ba1ea36b00ead3f6ec2de0f97397ebec50 Patch, Third Party Advisory
report@snyk.io https://github.com/snyk/snyk-python-plugin/commit/8591abdd9236108ac3e30c70c09238d6bb6aabf4 Patch, Third Party Advisory
report@snyk.io https://github.com/snyk/snyk-sbt-plugin/commit/99c09eb12c9f8f2b237aea9627aab1ae3cab6437 Patch, Third Party Advisory
report@snyk.io https://security.snyk.io/vuln/SNYK-JS-SNYK-3038622 Exploit, Patch, Vendor Advisory
report@snyk.io https://security.snyk.io/vuln/SNYK-JS-SNYKDOCKERPLUGIN-3039679 Exploit, Patch, Vendor Advisory
report@snyk.io https://security.snyk.io/vuln/SNYK-JS-SNYKGRADLEPLUGIN-3038624 Exploit, Patch, Vendor Advisory
report@snyk.io https://security.snyk.io/vuln/SNYK-JS-SNYKMVNPLUGIN-3038623 Exploit, Patch, Vendor Advisory
report@snyk.io https://security.snyk.io/vuln/SNYK-JS-SNYKPYTHONPLUGIN-3039677 Exploit, Patch, Vendor Advisory
report@snyk.io https://security.snyk.io/vuln/SNYK-JS-SNYKSBTPLUGIN-3038626 Exploit, Patch, Vendor Advisory
report@snyk.io https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625 Exploit, Patch, Vendor Advisory
report@snyk.io https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKHEXPLUGIN-3039680 Exploit, Patch, Vendor Advisory
report@snyk.io https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/ Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/snyk/cli/commit/80d97a93326406e09776156daf72e3caa03ae25a Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/snyk/snyk-cocoapods-plugin/commit/c73e049c5200772babde61c40aab57296bf91381 Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/snyk/snyk-docker-plugin/commit/d730d7630691a61587b120bb11daaaf4b58a8357 Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/snyk/snyk-gradle-plugin/commit/bb1c1c72a75e97723a76b14d2d73f70744ed5009 Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/snyk/snyk-hex-plugin/commit/e8dd2a330b40d7fc0ab47e34413e80a0146d7ac3 Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/snyk/snyk-mvn-plugin/commit/02cda9ba1ea36b00ead3f6ec2de0f97397ebec50 Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/snyk/snyk-python-plugin/commit/8591abdd9236108ac3e30c70c09238d6bb6aabf4 Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/snyk/snyk-sbt-plugin/commit/99c09eb12c9f8f2b237aea9627aab1ae3cab6437 Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security.snyk.io/vuln/SNYK-JS-SNYK-3038622 Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security.snyk.io/vuln/SNYK-JS-SNYKDOCKERPLUGIN-3039679 Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security.snyk.io/vuln/SNYK-JS-SNYKGRADLEPLUGIN-3038624 Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security.snyk.io/vuln/SNYK-JS-SNYKMVNPLUGIN-3038623 Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security.snyk.io/vuln/SNYK-JS-SNYKPYTHONPLUGIN-3039677 Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security.snyk.io/vuln/SNYK-JS-SNYKSBTPLUGIN-3038626 Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625 Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKHEXPLUGIN-3039680 Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/ Exploit, Third Party Advisory
Impacted products
Vendor Product Version
n/a snyk Version: unspecified   < 1.1064.0
   n/a snyk-mvn-plugin Version: unspecified   < 2.31.3
   n/a snyk-gradle-plugin Version: unspecified   < 3.24.5
   n/a @snyk/snyk-cocoapods-plugin Version: unspecified   < 2.5.3
   n/a snyk-sbt-plugin Version: unspecified   < 2.16.2
   n/a snyk-python-plugin Version: unspecified   < 1.24.2
   n/a snyk-docker-plugin Version: unspecified   < 5.6.5
   n/a @snyk/snyk-hex-plugin Version: unspecified   < 1.1.6
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.603Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-SNYK-3038622"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKMVNPLUGIN-3038623"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKGRADLEPLUGIN-3038624"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKSBTPLUGIN-3038626"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKPYTHONPLUGIN-3039677"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKDOCKERPLUGIN-3039679"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKHEXPLUGIN-3039680"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/snyk/cli/commit/80d97a93326406e09776156daf72e3caa03ae25a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/snyk/snyk-gradle-plugin/commit/bb1c1c72a75e97723a76b14d2d73f70744ed5009"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/snyk/snyk-mvn-plugin/commit/02cda9ba1ea36b00ead3f6ec2de0f97397ebec50"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/snyk/snyk-sbt-plugin/commit/99c09eb12c9f8f2b237aea9627aab1ae3cab6437"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/snyk/snyk-hex-plugin/commit/e8dd2a330b40d7fc0ab47e34413e80a0146d7ac3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/snyk/snyk-python-plugin/commit/8591abdd9236108ac3e30c70c09238d6bb6aabf4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/snyk/snyk-cocoapods-plugin/commit/c73e049c5200772babde61c40aab57296bf91381"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/snyk/snyk-docker-plugin/commit/d730d7630691a61587b120bb11daaaf4b58a8357"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-22984",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-25T14:34:09.755925Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-25T14:34:22.605Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "snyk",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "1.1064.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "snyk-mvn-plugin",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "2.31.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "snyk-gradle-plugin",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "3.24.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "@snyk/snyk-cocoapods-plugin",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "2.5.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "snyk-sbt-plugin",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "2.16.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "snyk-python-plugin",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "1.24.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "snyk-docker-plugin",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "5.6.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "@snyk/snyk-hex-plugin",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "1.1.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ron Masas - Imperva"
        }
      ],
      "datePublic": "2022-11-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://hub.docker.com/r/snyk/snyk as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-30T00:00:00.000Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "url": "https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-SNYK-3038622"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKMVNPLUGIN-3038623"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKGRADLEPLUGIN-3038624"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKSBTPLUGIN-3038626"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKPYTHONPLUGIN-3039677"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKDOCKERPLUGIN-3039679"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKHEXPLUGIN-3039680"
        },
        {
          "url": "https://github.com/snyk/cli/commit/80d97a93326406e09776156daf72e3caa03ae25a"
        },
        {
          "url": "https://github.com/snyk/snyk-gradle-plugin/commit/bb1c1c72a75e97723a76b14d2d73f70744ed5009"
        },
        {
          "url": "https://github.com/snyk/snyk-mvn-plugin/commit/02cda9ba1ea36b00ead3f6ec2de0f97397ebec50"
        },
        {
          "url": "https://github.com/snyk/snyk-sbt-plugin/commit/99c09eb12c9f8f2b237aea9627aab1ae3cab6437"
        },
        {
          "url": "https://github.com/snyk/snyk-hex-plugin/commit/e8dd2a330b40d7fc0ab47e34413e80a0146d7ac3"
        },
        {
          "url": "https://github.com/snyk/snyk-python-plugin/commit/8591abdd9236108ac3e30c70c09238d6bb6aabf4"
        },
        {
          "url": "https://github.com/snyk/snyk-cocoapods-plugin/commit/c73e049c5200772babde61c40aab57296bf91381"
        },
        {
          "url": "https://github.com/snyk/snyk-docker-plugin/commit/d730d7630691a61587b120bb11daaaf4b58a8357"
        }
      ],
      "title": "Command Injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2022-22984",
    "datePublished": "2022-11-30T00:00:00.000Z",
    "dateReserved": "2022-02-24T00:00:00.000Z",
    "dateUpdated": "2025-04-25T14:34:22.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-22984\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2022-11-30T13:15:10.517\",\"lastModified\":\"2025-04-25T15:15:30.193\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://hub.docker.com/r/snyk/snyk as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605.\"},{\"lang\":\"es\",\"value\":\"El paquete snyk antes de 1.1064.0; el paquete snyk-mvn-plugin anterior a 2.31.3; el paquete snyk-gradle-plugin anterior a 3.24.5; el paquete @snyk/snyk-cocoapods-plugin anterior a 2.5.3; el paquete snyk-sbt-plugin anterior a 2.16.2; el paquete snyk-python-plugin anterior a 1.24.2; el paquete snyk-docker-plugin anterior a 5.6.5; el paquete @snyk/snyk-hex-plugin anterior a 1.1.6 es vulnerable a la inyecci\u00f3n de comandos debido a una soluci\u00f3n incompleta para [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK -3037342). Un exploit exitoso permite a los atacantes ejecutar comandos arbitrarios en el sistema host donde est\u00e1 instalada la CLI de Snyk al pasar indicadores de l\u00ednea de comando manipulado. Para aprovechar esta vulnerabilidad, un usuario tendr\u00eda que ejecutar el comando snyk test en archivos que no sean de confianza. En la mayor\u00eda de los casos, un atacante posicionado para controlar los argumentos de la l\u00ednea de comandos de la CLI de Snyk ya estar\u00eda posicionado para ejecutar comandos arbitrarios. Sin embargo, se podr\u00eda abusar de esto en escenarios espec\u00edficos, como canales de integraci\u00f3n continua, donde los desarrolladores pueden controlar los argumentos pasados ??a la CLI de Snyk para aprovechar este componente como parte de un ataque m\u00e1s amplio contra un canal de integraci\u00f3n/compilaci\u00f3n. Este problema se solucion\u00f3 en las \u00faltimas im\u00e1genes de Snyk Docker disponibles en https://hub.docker.com/r/snyk/snyk a partir del 29 de noviembre de 2022. Las im\u00e1genes descargadas y creadas antes de esa fecha deben actualizarse. El problema tambi\u00e9n se solucion\u00f3 en el complemento Snyk TeamCity CI/CD a partir de la versi\u00f3n v20221130.093605.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snyk:snyk_cli:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1064.0\",\"matchCriteriaId\":\"FD69CF9C-0537-454E-B35D-51B58C154555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snyk:snyk_cocoapods_cli:*:*:*:*:*:snyk:*:*\",\"versionEndExcluding\":\"2.5.3\",\"matchCriteriaId\":\"7EC9CA0A-A963-45D1-86E6-9A24A9FF86B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snyk:snyk_docker_cli:*:*:*:*:*:snyk:*:*\",\"versionEndExcluding\":\"5.6.5\",\"matchCriteriaId\":\"CA928136-DD61-4BA2-A171-CF6893EC4BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snyk:snyk_gradle_cli:*:*:*:*:*:snyk:*:*\",\"versionEndExcluding\":\"3.24.5\",\"matchCriteriaId\":\"41D80E25-1B78-49F5-8210-0B81C61C4B36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snyk:snyk_hex_cli:*:*:*:*:*:snyk:*:*\",\"versionEndExcluding\":\"1.1.6\",\"matchCriteriaId\":\"1A4DC78C-CAE6-463F-9315-92984BB9C0B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snyk:snyk_maven_cli:*:*:*:*:*:snyk:*:*\",\"versionEndExcluding\":\"2.31.3\",\"matchCriteriaId\":\"D298D7E5-0E40-4729-A9A6-471ABDFD6692\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snyk:snyk_python_cli:*:*:*:*:*:snyk:*:*\",\"versionEndExcluding\":\"1.24.2\",\"matchCriteriaId\":\"F341718C-7869-4959-ABBE-4D7036F3D9C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snyk:snyk_sbt_cli:*:*:*:*:*:snyk:*:*\",\"versionEndExcluding\":\"2.16.2\",\"matchCriteriaId\":\"C5425F5D-615B-4925-AB25-02B68E2C97FE\"}]}]}],\"references\":[{\"url\":\"https://github.com/snyk/cli/commit/80d97a93326406e09776156daf72e3caa03ae25a\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-cocoapods-plugin/commit/c73e049c5200772babde61c40aab57296bf91381\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-docker-plugin/commit/d730d7630691a61587b120bb11daaaf4b58a8357\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-gradle-plugin/commit/bb1c1c72a75e97723a76b14d2d73f70744ed5009\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-hex-plugin/commit/e8dd2a330b40d7fc0ab47e34413e80a0146d7ac3\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-mvn-plugin/commit/02cda9ba1ea36b00ead3f6ec2de0f97397ebec50\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-python-plugin/commit/8591abdd9236108ac3e30c70c09238d6bb6aabf4\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-sbt-plugin/commit/99c09eb12c9f8f2b237aea9627aab1ae3cab6437\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYK-3038622\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKDOCKERPLUGIN-3039679\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKGRADLEPLUGIN-3038624\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKMVNPLUGIN-3038623\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKPYTHONPLUGIN-3039677\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKSBTPLUGIN-3038626\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKHEXPLUGIN-3039680\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/cli/commit/80d97a93326406e09776156daf72e3caa03ae25a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-cocoapods-plugin/commit/c73e049c5200772babde61c40aab57296bf91381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-docker-plugin/commit/d730d7630691a61587b120bb11daaaf4b58a8357\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-gradle-plugin/commit/bb1c1c72a75e97723a76b14d2d73f70744ed5009\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-hex-plugin/commit/e8dd2a330b40d7fc0ab47e34413e80a0146d7ac3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-mvn-plugin/commit/02cda9ba1ea36b00ead3f6ec2de0f97397ebec50\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-python-plugin/commit/8591abdd9236108ac3e30c70c09238d6bb6aabf4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snyk/snyk-sbt-plugin/commit/99c09eb12c9f8f2b237aea9627aab1ae3cab6437\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYK-3038622\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKDOCKERPLUGIN-3039679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKGRADLEPLUGIN-3038624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKMVNPLUGIN-3038623\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKPYTHONPLUGIN-3039677\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKSBTPLUGIN-3038626\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKHEXPLUGIN-3039680\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYK-3038622\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKMVNPLUGIN-3038623\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKGRADLEPLUGIN-3038624\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKSBTPLUGIN-3038626\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKPYTHONPLUGIN-3039677\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKDOCKERPLUGIN-3039679\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKHEXPLUGIN-3039680\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/snyk/cli/commit/80d97a93326406e09776156daf72e3caa03ae25a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/snyk/snyk-gradle-plugin/commit/bb1c1c72a75e97723a76b14d2d73f70744ed5009\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/snyk/snyk-mvn-plugin/commit/02cda9ba1ea36b00ead3f6ec2de0f97397ebec50\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/snyk/snyk-sbt-plugin/commit/99c09eb12c9f8f2b237aea9627aab1ae3cab6437\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/snyk/snyk-hex-plugin/commit/e8dd2a330b40d7fc0ab47e34413e80a0146d7ac3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/snyk/snyk-python-plugin/commit/8591abdd9236108ac3e30c70c09238d6bb6aabf4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/snyk/snyk-cocoapods-plugin/commit/c73e049c5200772babde61c40aab57296bf91381\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/snyk/snyk-docker-plugin/commit/d730d7630691a61587b120bb11daaaf4b58a8357\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T03:28:42.603Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-22984\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-25T14:34:09.755925Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-25T14:34:18.124Z\"}}], \"cna\": {\"title\": \"Command Injection\", \"credits\": [{\"lang\": \"en\", \"value\": \"Ron Masas - Imperva\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P\", \"temporalScore\": 4.7, \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"remediationLevel\": \"NOT_DEFINED\", \"reportConfidence\": \"NOT_DEFINED\", \"temporalSeverity\": \"MEDIUM\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"exploitCodeMaturity\": \"PROOF_OF_CONCEPT\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"snyk\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"1.1064.0\", \"versionType\": \"custom\"}]}, {\"vendor\": \"n/a\", \"product\": \"snyk-mvn-plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"2.31.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"n/a\", \"product\": \"snyk-gradle-plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"3.24.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"n/a\", \"product\": \"@snyk/snyk-cocoapods-plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"2.5.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"n/a\", \"product\": \"snyk-sbt-plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"2.16.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"n/a\", \"product\": \"snyk-python-plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"1.24.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"n/a\", \"product\": \"snyk-docker-plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"5.6.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"n/a\", \"product\": \"@snyk/snyk-hex-plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"1.1.6\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2022-11-30T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/\"}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYK-3038622\"}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKMVNPLUGIN-3038623\"}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKGRADLEPLUGIN-3038624\"}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625\"}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKSBTPLUGIN-3038626\"}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKPYTHONPLUGIN-3039677\"}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKDOCKERPLUGIN-3039679\"}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKHEXPLUGIN-3039680\"}, {\"url\": \"https://github.com/snyk/cli/commit/80d97a93326406e09776156daf72e3caa03ae25a\"}, {\"url\": \"https://github.com/snyk/snyk-gradle-plugin/commit/bb1c1c72a75e97723a76b14d2d73f70744ed5009\"}, {\"url\": \"https://github.com/snyk/snyk-mvn-plugin/commit/02cda9ba1ea36b00ead3f6ec2de0f97397ebec50\"}, {\"url\": \"https://github.com/snyk/snyk-sbt-plugin/commit/99c09eb12c9f8f2b237aea9627aab1ae3cab6437\"}, {\"url\": \"https://github.com/snyk/snyk-hex-plugin/commit/e8dd2a330b40d7fc0ab47e34413e80a0146d7ac3\"}, {\"url\": \"https://github.com/snyk/snyk-python-plugin/commit/8591abdd9236108ac3e30c70c09238d6bb6aabf4\"}, {\"url\": \"https://github.com/snyk/snyk-cocoapods-plugin/commit/c73e049c5200772babde61c40aab57296bf91381\"}, {\"url\": \"https://github.com/snyk/snyk-docker-plugin/commit/d730d7630691a61587b120bb11daaaf4b58a8357\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://hub.docker.com/r/snyk/snyk as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Command Injection\"}]}], \"providerMetadata\": {\"orgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"shortName\": \"snyk\", \"dateUpdated\": \"2022-11-30T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-22984\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-25T14:34:22.605Z\", \"dateReserved\": \"2022-02-24T00:00:00.000Z\", \"assignerOrgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"datePublished\": \"2022-11-30T00:00:00.000Z\", \"assignerShortName\": \"snyk\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.