CVE-2022-25914: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
(updated )
The package com.google.cloud.tools:jib-core before 0.22.0 is vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.
References
Detect and mitigate CVE-2022-25914 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →