@cyclonedx/cdxgen@11.0.3 vulnerabilities

Creates CycloneDX Software Bill of Materials (SBOM) from source or container image

Direct Vulnerabilities

Known vulnerabilities in the @cyclonedx/cdxgen package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Arbitrary Code Injection

@cyclonedx/cdxgen is a Creates CycloneDX Software Bill of Materials (SBOM) from source or container image

Affected versions of this package are vulnerable to Arbitrary Code Injection when run against an untrusted codebase, allowing execution of code contained within build-related files such as build.gradle.kts.

Note: This is a design limitation without an immediate fix.

How to fix Arbitrary Code Injection?

There is no fixed version for @cyclonedx/cdxgen.

>=0.0.0