CVE-2022-40764
unknown
CVSS v3: -
CVSS v4: -
VIR risk: -
Description
Snyk CLI affected by Command Injection vulnerability
Predictions
Exploit likelihood: 20%
Patch ETA: -
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | snyk | <1.996.0 | 1.996.0 |
| npm | snyk-go-plugin | <1.19.1 | 1.19.1 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-40764
- https://github.com/snyk/cli
- https://github.com/snyk/cli/releases/tag/v1.996.0
- https://github.com/snyk/snyk-go-plugin/releases/tag/v1.19.1
- https://support.snyk.io/hc/en-us/articles/7015908293789-CVE-2022-40764-Command-Injection-vulnerability-affecting-Snyk-CLI-versions-prior-to-1-996-0
- https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution