Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation, rather than an implementation mistake.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CycloneDX Generator Security Vulnerability
Vulnerability Description
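CycloneDX Generator (cdxgen) is an open-source CLI tool, library, REPL, and server from CycloneDX, used to create valid and compliant CycloneDX bills of materials. CycloneDX Generator 10.10.7 and earlier contain a security vulnerability: when run against an untrusted codebase, the tool may execute code contained in build-related files (for example, build.gradle.kts).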
CVSS Information
N/A
Vulnerability Type
N/A