CVE-2024-50611

Published: Oct 27, 2024

Modified: Oct 30, 2024

PUBLISHED

Description

CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation, rather than an implementation mistake.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/CycloneDX/cdxgen/releases

https://github.com/CycloneDX/cdxgen/issues/1328

https://owasp.org/www-project-dep-scan/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-50611

Description

Affected Products

References