Vulnerability in cdxgen Allows Execution of Code in Build-Related Files
CVE-2024-50611
7.2HIGH
What is CVE-2024-50611?
The CycloneDX cdxgen tool, prior to version 10.10.7, presents a vulnerability that can lead to arbitrary code execution when processing untrusted codebases. This issue arises from build-related files, such as build.gradle.kts, which may inadvertently execute harmful code during dependency scanning. Notably, this situation has been identified as a design limitation rather than a flaw in the implementation. Users of the OWASP Dependency Scanner should be aware of this risk when using cdxgen in their environments.
