Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2022-25914

Description

The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.

POC

Reference

- https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECLOUDTOOLS-2968871

Github

- https://github.com/ARPSyndicate/cvemon