CVE-2024-48964

Name of the Vulnerable Software and Affected Versions Snyk CLI versions prior to 1.1294.0

Description The issue is related to Code Injection when scanning an untrusted Gradle project. It can be triggered if a test is run inside the untrusted project due to the improper handling of the current working directory name. The recommended mitigation is to only scan trusted projects.

Recommendations For versions prior to 1.1294.0, update to version 1.1294.0 or later to resolve the issue. As a temporary workaround, consider only scanning trusted Gradle projects to minimize the risk of exploitation.