CVE-2022-22984
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
Snyk plugins vulnerable to Command Injection
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | snyk | <1.1064.0 | 1.1064.0 |
| npm | snyk-mvn-plugin | <2.31.3 | 2.31.3 |
| npm | snyk-sbt-plugin | <2.16.2 | 2.16.2 |
| npm | snyk-python-plugin | <1.24.2 | 1.24.2 |
| npm | @snyk/snyk-hex-plugin | <1.1.6 | 1.1.6 |
| npm | snyk-gradle-plugin | <3.24.5 | 3.24.5 |
| npm | snyk-docker-plugin | <5.6.5 | 5.6.5 |
| npm | @snyk/snyk-cocoapods-plugin | <2.5.3 | 2.5.3 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-22984
- https://github.com/snyk/cli/commit/80d97a93326406e09776156daf72e3caa03ae25a
- https://github.com/snyk/snyk-cocoapods-plugin/commit/c73e049c5200772babde61c40aab57296bf91381
- https://github.com/snyk/snyk-docker-plugin/commit/d730d7630691a61587b120bb11daaaf4b58a8357
- https://github.com/snyk/snyk-gradle-plugin/commit/bb1c1c72a75e97723a76b14d2d73f70744ed5009
- https://github.com/snyk/snyk-hex-plugin/commit/e8dd2a330b40d7fc0ab47e34413e80a0146d7ac3
- https://github.com/snyk/snyk-mvn-plugin/commit/02cda9ba1ea36b00ead3f6ec2de0f97397ebec50
- https://github.com/snyk/snyk-python-plugin/commit/8591abdd9236108ac3e30c70c09238d6bb6aabf4
- https://github.com/snyk/snyk-sbt-plugin/commit/99c09eb12c9f8f2b237aea9627aab1ae3cab6437
- https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution
- https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKHEXPLUGIN-3039680
- https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625
- https://security.snyk.io/vuln/SNYK-JS-SNYKSBTPLUGIN-3038626
- https://security.snyk.io/vuln/SNYK-JS-SNYKPYTHONPLUGIN-3039677
- https://security.snyk.io/vuln/SNYK-JS-SNYKMVNPLUGIN-3038623
- https://security.snyk.io/vuln/SNYK-JS-SNYKGRADLEPLUGIN-3038624
- https://security.snyk.io/vuln/SNYK-JS-SNYKDOCKERPLUGIN-3039679
- https://security.snyk.io/vuln/SNYK-JS-SNYK-3038622
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.