Description

CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation, rather than an implementation mistake.

INFO

Published Date :

2024-10-27T00:00:00.000Z

Last Modified :

2024-10-30T18:25:27.344Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-50611 vulnerability.

Vendors Products
Cyclonedx
  • Cdxgen
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50611.

URL Resource
https://github.com/CycloneDX/cdxgen/issues/1328 cve-icon cve-icon
https://github.com/CycloneDX/cdxgen/releases cve-icon cve-icon
https://owasp.org/www-project-dep-scan/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact