CVE-2024-50611

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-50611
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50611.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50611
Aliases
Published
2024-10-27T22:15:03Z
Modified
2025-09-19T15:10:08.982815Z
Summary
[none]
Details

CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts. This is a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation, rather than an implementation mistake.

References

Affected packages

Git / github.com/cyclonedx/cdxgen

Affected ranges

Type
GIT
Repo
https://github.com/cyclonedx/cdxgen
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Last affected

Affected versions

v0.*

v0.0.5-test

v1.*

v1.0.2
v1.0.3
v1.0.4
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3.0
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.17
v1.4.18
v1.4.19
v1.4.2
v1.4.20
v1.4.21
v1.4.22
v1.4.23
v1.4.24
v1.4.25
v1.4.26
v1.4.27
v1.4.28
v1.4.29
v1.4.3
v1.4.30
v1.4.31
v1.4.32
v1.4.33
v1.4.34
v1.4.35
v1.4.36
v1.4.37
v1.4.38
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9

v10.*

v10.0.0
v10.0.1
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.0.6
v10.1.0
v10.1.1
v10.1.2
v10.1.3
v10.10.0
v10.10.1
v10.10.2
v10.10.3
v10.10.4
v10.10.5
v10.10.6
v10.10.7
v10.2.1
v10.2.2
v10.2.3
v10.2.4
v10.2.5
v10.2.6
v10.3.0
v10.3.1
v10.3.2
v10.3.3
v10.3.4
v10.3.5
v10.4.0
v10.4.1
v10.4.2
v10.4.3
v10.5.0
v10.5.1
v10.5.2
v10.6.0
v10.6.1
v10.6.2
v10.7.0
v10.7.1
v10.8.0
v10.8.1
v10.8.2
v10.8.3
v10.8.4
v10.8.5
v10.8.6
v10.8.7
v10.8.8
v10.8.9
v10.9.0
v10.9.1
v10.9.10
v10.9.11
v10.9.2
v10.9.3
v10.9.4
v10.9.5
v10.9.6
v10.9.7
v10.9.8
v10.9.9

v2.*

v2.0.0
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.2
v2.0.20
v2.0.21
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.2.0
v2.2.1
v2.2.10
v2.2.11
v2.2.12
v2.2.13
v2.2.14
v2.2.15
v2.2.16
v2.2.17
v2.2.18
v2.2.19
v2.2.2
v2.2.20
v2.2.21
v2.2.22
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3.1

v3.*

v3.0.0
v3.0.1
v3.0.10
v3.0.2
v3.0.3
v3.0.4
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.2.0
v3.2.1
v3.2.10
v3.2.11
v3.2.13
v3.2.14
v3.2.15
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.7
v3.2.8
v3.2.9

v4.*

v4.0.0
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.16
v4.0.17
v4.0.18
v4.0.19
v4.0.2
v4.0.20
v4.0.21
v4.0.22
v4.0.23
v4.0.24
v4.0.25
v4.0.26
v4.0.27
v4.0.28
v4.0.29
v4.0.3
v4.0.30
v4.0.31
v4.0.32
v4.0.33
v4.0.34
v4.0.35
v4.0.36
v4.0.37
v4.0.38
v4.0.39
v4.0.4
v4.0.40
v4.0.41
v4.0.42
v4.0.43
v4.0.44
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9

v5.*

v5.0.1
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.4.0
v5.4.1
v5.4.2
v5.5.0
v5.5.1
v5.5.2
v5.5.3
v5.5.4
v5.5.5
v5.5.6

v6.*

v6.0.0
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.15
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9

v7.*

v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5

v8.*

v8.0.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.0.5
v8.0.6
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4
v8.1.5
v8.1.6
v8.1.7
v8.1.8
v8.1.9
v8.2.0
v8.2.1
v8.2.2
v8.2.3
v8.2.4
v8.3.0
v8.3.1
v8.3.2
v8.3.3
v8.4.0
v8.4.1
v8.4.10
v8.4.11
v8.4.12
v8.4.13
v8.4.2
v8.4.3
v8.4.4
v8.4.5
v8.4.6
v8.4.7
v8.4.8
v8.4.9
v8.5.0
v8.5.1
v8.5.2
v8.5.3
v8.6.0

v9.*

v9.0.0
v9.0.1
v9.1.0
v9.1.1
v9.10.0
v9.10.1
v9.10.2
v9.11.0
v9.11.1
v9.11.2
v9.11.3
v9.2.0
v9.2.1
v9.2.2
v9.2.3
v9.3.0
v9.3.2
v9.4.0
v9.5.0
v9.6.0
v9.6.1
v9.7.0
v9.7.1
v9.7.2
v9.7.3
v9.7.4
v9.8.0
v9.8.1
v9.8.10
v9.8.2
v9.8.3
v9.8.4
v9.8.5
v9.8.6
v9.8.7
v9.8.8
v9.8.9
v9.9.0
v9.9.1
v9.9.2
v9.9.3
v9.9.4
v9.9.5
v9.9.6
v9.9.7
v9.9.8
v9.9.9