@cyclonedx/cdxgen@9.6.0 vulnerabilities

Creates CycloneDX Software Bill of Materials (SBOM) from source or container image

latest version

10.11.0
first published

2 years ago
latest version published

5 days ago
licenses detected
- Apache-2.0
  >=0
View @cyclonedx/cdxgen package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @cyclonedx/cdxgen package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Arbitrary Code Injection @cyclonedx/cdxgen is a Creates CycloneDX Software Bill of Materials (SBOM) from source or container image Affected versions of this package are vulnerable to Arbitrary Code Injection when run against an untrusted codebase, allowing execution of code contained within build-related files such as `build.gradle.kts`. Note: This is a design limitation without an immediate fix. How to fix Arbitrary Code Injection? There is no fixed version for `@cyclonedx/cdxgen`.	>=0.0.0

Arbitrary Code Injection

@cyclonedx/cdxgen is a Creates CycloneDX Software Bill of Materials (SBOM) from source or container image

Affected versions of this package are vulnerable to Arbitrary Code Injection when run against an untrusted codebase, allowing execution of code contained within build-related files such as build.gradle.kts.

Note: This is a design limitation without an immediate fix.

How to fix Arbitrary Code Injection?

There is no fixed version for @cyclonedx/cdxgen.

>=0.0.0

Go back to all versions of this package

@cyclonedx/cdxgen@9.6.0 vulnerabilities

Creates CycloneDX Software Bill of Materials (SBOM) from source or container image

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities