CVE-2022-24441

Source
https://cve.org/CVERecord?id=CVE-2022-24441
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24441.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-24441
Aliases
Published
2022-11-30T13:15:10.610Z
Modified
2026-02-22T01:31:10.732703Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability may be triggered when running the CLI tool directly, or when running a scan with one of the IDE plugins that invoke the Snyk CLI. Successful exploitation of this issue would likely require some level of social engineering: an untrusted project must be downloaded and analyzed via the Snyk CLI, or opened in an IDE where a Snyk IDE plugin is installed and enabled. Additionally, if the IDE has a Trust feature, the target folder must be marked as 'trusted' in order to be vulnerable. NOTE: This issue is independent of the one reported in CVE-2022-40764, and upgrading to a fixed version for this issue addresses that one as well.

The affected IDE plugins and versions are:
  • VS Code - Affected: <=1.8.0, Fixed: 1.9.0
  • IntelliJ - Affected: <=2.4.47, Fixed: 2.4.48
  • Visual Studio - Affected: <=1.1.30, Fixed: 1.1.31
  • Eclipse - Affected: <=v20221115.132308, Fixed: All subsequent versions
  • Language Server - Affected: <=v20221109.114426, Fixed: All subsequent versions

References

Affected packages

Git
github.com/snyk/snyk-eclipse-plugin

Affected ranges

Type
GIT
Repo
https://github.com/snyk/snyk-eclipse-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*
0.9
0.9.1
1.*
1.0.0
1.0.1
1.1.0
1.1.1
1.1.2
1.2.0
1.2.0-beta1
1.2.0-beta2
1.2.1
1.2.2-beta2
1.2.2-beta3
1.2.2-beta4
1.2.2-beta5
1.3.0-beta1
1.3.1
v0.*
v0.1-beta
v0.1.1-beta
v0.2-beta
v20220517.*
v20220517.090738
v20220520.*
v20220520.185312
v20220524.*
v20220524.113844
v20220525.*
v20220525.165232
v20220610.*
v20220610.102110
v20220620.*
v20220620.201253
v20220627.*
v20220627.112145
v20220715.*
v20220715.220301
v20220718.*
v20220718.111138
v20220725.*
v20220725.070608
v20220801.*
v20220801.121815
v20220816.*
v20220816.113522
v20220818.*
v20220818.075149
v20220829.*
v20220829.135217
v20220905.*
v20220905.164345
v20220906.*
v20220906.123713
v20220907.*
v20220907.080537
v20220926.*
v20220926.165829
v20220927.*
v20220927.182222
v20221007.*
v20221007.135736
v20221028.*
v20221028.172238
v20221115.*
v20221115.132308

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24441.json"
github.com/snyk/snyk-intellij-plugin

Affected ranges

Type
GIT
Repo
https://github.com/snyk/snyk-intellij-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*
0.2.2
0.2.3
0.2.4
v0.*
v0.1.0
v2.*
v2.0.0
v2.0.0-eap-1
v2.0.0-eap-2
v2.0.1
v2.0.2
v2.0.2-fix
v2.0.3
v2.0.4
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.4-rc.1
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.2.0
v2.2.1
v2.2.2
v2.3.0
v2.4.0
v2.4.1
v2.4.10
v2.4.11
v2.4.12
v2.4.13
v2.4.14
v2.4.15
v2.4.16
v2.4.17
v2.4.18
v2.4.19
v2.4.2
v2.4.20
v2.4.21
v2.4.22
v2.4.23
v2.4.24
v2.4.25
v2.4.26
v2.4.27
v2.4.28
v2.4.29
v2.4.3
v2.4.30
v2.4.31
v2.4.32
v2.4.33
v2.4.34
v2.4.35
v2.4.36
v2.4.37
v2.4.38
v2.4.39
v2.4.4
v2.4.40
v2.4.41
v2.4.42
v2.4.43
v2.4.44
v2.4.45
v2.4.46
v2.4.47
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24441.json"
github.com/snyk/snyk-ls

Affected ranges

Type
GIT
Repo
https://github.com/snyk/snyk-ls
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
latest
v20220204.*
v20220204.082306
v20220204.083303
v20220216.*
v20220216.073235
v20220216.084053
v20220224.*
v20220224.133736
v20220301.*
v20220301.093957
v20220303.*
v20220303.114444
v20220303.115354
v20220303.120942
v20220303.132432
v20220303.140906
v20220308.*
v20220308.104106
v20220308.104122
v20220309.*
v20220309.083632
v20220310.*
v20220310.074119
v20220310.091937
v20220310.101736
v20220310.164417
v20220316.*
v20220316.143315
v20220317.*
v20220317.141530
v20220324.*
v20220324.082547
v20220324.161506
v20220405.*
v20220405.104418
v20220406.*
v20220406.104951
v20220408.*
v20220408.152005
v20220412.*
v20220412.160702
v20220413.*
v20220413.181607
v20220420.*
v20220420.140326
v20220420.140348
v20220420.155438
v20220420.212831
v20220422.*
v20220422.201516
v20220423.*
v20220423.134957
v20220425.*
v20220425.031154
v20220427.*
v20220427.185534
v20220428.*
v20220428.134941
v20220429.*
v20220429.150202
v20220429.154254
v20220430.*
v20220430.125020
v20220503.*
v20220503.093838
v20220503.183556
v20220507.*
v20220507.105805
v20220510.*
v20220510.080750
v20220510.085347
v20220510.164158
v20220511.*
v20220511.092150
v20220512.*
v20220512.112536
v20220516.*
v20220516.163915
v20220517.*
v20220517.103807
v20220517.131428
v20220518.*
v20220518.115331
v20220518.120333
v20220519.*
v20220519.151317
v20220520.*
v20220520.183150
v20220520.184133
v20220520.184307
v20220524.*
v20220524.120023
v20220524.162713
v20220525.*
v20220525.165703
v20220608.*
v20220608.150113
v20220611.*
v20220611.144003
v20220620.*
v20220620.150347
v20220621.*
v20220621.184323
v20220625.*
v20220625.121412
v20220627.*
v20220627.111357
v20220704.*
v20220704.104655
v20220707.*
v20220707.173005
v20220711.*
v20220711.094503
v20220711.120622
v20220711.175102
v20220713.*
v20220713.080441-0500
v20220713.145516+0100
v20220714.*
v20220714.110835
v20220715.*
v20220715.110558
v20220718.*
v20220718.090513
v20220719.*
v20220719.165401
v20220720.*
v20220720.092456
v20220725.*
v20220725.082712
v20220725.124815
v20220729.*
v20220729.112725
v20220801.*
v20220801.082928
v20220801.113450
v20220801.115949
v20220801.125515
v20220802.*
v20220802.085915
v20220803.*
v20220803.070617
v20220803.173252
v20220807.*
v20220807.155150
v20220809.*
v20220809.115906
v20220811.*
v20220811.064054
v20220812.*
v20220812.073739
v20220812.081541
v20220812.093715
v20220815.*
v20220815.091022
v20220816.*
v20220816.171720
v20220817.*
v20220817.181152
v20220822.*
v20220822.113041
v20220826.*
v20220826.102742
v20220826.151706
v20220829.*
v20220829.154452
v20220829.171200
v20220901.*
v20220901.110635
v20220905.*
v20220905.171138
v20220906.*
v20220906.103243
v20220907.*
v20220907.144100
v20220914.*
v20220914.104705
v20220914.173003
v20220918.*
v20220918.123517
v20220923.*
v20220923.103659
v20220923.111606
v20220929.*
v20220929.111439
v20220929.163527
v20220929.174606
v20221013.*
v20221013.160703
v20221017.*
v20221017.141313
v20221017.164920
v20221018.*
v20221018.083416
v20221018.084230
v20221018.085339
v20221018.090944
v20221018.092241
v20221018.093923
v20221018.100911
v20221018.104856
v20221018.110230
v20221019.*
v20221019.113014
v20221020.*
v20221020.080732
v20221021.*
v20221021.122259
v20221021.152226
v20221024.*
v20221024.091127
v20221024.091319
v20221025.*
v20221025.145102
v20221028.*
v20221028.162803
v20221107.*
v20221107.154944
v20221109.*
v20221109.114426

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24441.json"
github.com/snyk/snyk-visual-studio-plugin

Affected ranges

Type
GIT
Repo
https://github.com/snyk/snyk-visual-studio-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.1.19
1.1.20
1.1.21
1.1.22
1.1.23
1.1.24
1.1.25
1.1.26
1.1.27
1.1.28
1.1.29
1.1.30

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24441.json"
github.com/snyk/vscode-extension

Affected ranges

Type
GIT
Repo
https://github.com/snyk/vscode-extension
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.5
v1.0.6
v1.0.7
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.2.0
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.14
v1.2.15
v1.2.16
v1.2.17
v1.2.18
v1.2.19
v1.2.2
v1.2.20
v1.2.21
v1.2.22
v1.2.23
v1.2.24
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9
v1.3.0
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.8.0
v1.8.1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24441.json"