Vulnerability Details CVE-2022-25914
The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.8%
CVSS Severity
CVSS v3 Score 5.6
References
- https://github.com/GoogleContainerTools/jib/commit/67fa40bc2c484da0546333914ea07a89fe44eaaf
- https://github.com/GoogleContainerTools/jib/pull/3744
- https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECLOUDTOOLS-2968871
- https://github.com/GoogleContainerTools/jib/commit/67fa40bc2c484da0546333914ea07a89fe44eaaf
- https://github.com/GoogleContainerTools/jib/pull/3744
- https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECLOUDTOOLS-2968871
Products affected by CVE-2022-25914
-
cpe:2.3:a:jib_project:jib:0.1.0
-
cpe:2.3:a:jib_project:jib:0.1.1
-
cpe:2.3:a:jib_project:jib:0.1.2
-
cpe:2.3:a:jib_project:jib:0.1.3
-
cpe:2.3:a:jib_project:jib:0.1.4
-
cpe:2.3:a:jib_project:jib:0.1.5
-
cpe:2.3:a:jib_project:jib:0.1.6
-
cpe:2.3:a:jib_project:jib:0.1.7
-
cpe:2.3:a:jib_project:jib:0.10.0
-
cpe:2.3:a:jib_project:jib:0.10.1
-
cpe:2.3:a:jib_project:jib:0.11.0
-
cpe:2.3:a:jib_project:jib:0.12.0
-
cpe:2.3:a:jib_project:jib:0.13.0
-
cpe:2.3:a:jib_project:jib:0.13.1
-
cpe:2.3:a:jib_project:jib:0.14.0
-
cpe:2.3:a:jib_project:jib:0.15.0
-
cpe:2.3:a:jib_project:jib:0.16.0
-
cpe:2.3:a:jib_project:jib:0.17.0
-
cpe:2.3:a:jib_project:jib:0.18.0
-
cpe:2.3:a:jib_project:jib:0.19.0
-
cpe:2.3:a:jib_project:jib:0.20.0
-
cpe:2.3:a:jib_project:jib:0.21.0
-
cpe:2.3:a:jib_project:jib:0.9.0
-
cpe:2.3:a:jib_project:jib:0.9.1