CVE-2024-48963

Name of the Vulnerable Software and Affected Versions Snyk CLI versions prior to 1.1294.0

Description The issue is related to Code Injection when scanning an untrusted PHP project. It can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. To mitigate this, it is recommended to only scan trusted projects.

Recommendations For versions prior to 1.1294.0, update to version 1.1294.0 or later to resolve the issue. As a temporary workaround, consider only scanning trusted projects until the update is applied. Restrict running Snyk test inside untrusted projects to minimize the risk of exploitation.