CVE-2022-25914

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in maven/com.google.cloud.tools/jib-core

Identifiers

GHSA-936v-cg49-m2g5, CVE-2022-25914

Package Slug

maven/com.google.cloud.tools/jib-core

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

The package com.google.cloud.tools:jib-core before 0.22.0 is vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, because the function attempts to execute input.

Affected Versions

All versions before 0.22.0

Solution

Upgrade to version 0.22.0 or above.

Last Modified

2022-09-15
