{"id":"CVE-2024-50611","details":"CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation, rather than an implementation mistake.","aliases":["GHSA-hxf3-vgpm-fv9p"],"modified":"2026-04-10T05:19:29.427285Z","published":"2024-10-27T22:15:03.557Z","references":[{"type":"WEB","url":"https://owasp.org/www-project-dep-scan/"},{"type":"REPORT","url":"https://github.com/CycloneDX/cdxgen/issues/1328"},{"type":"PACKAGE","url":"https://github.com/CycloneDX/cdxgen/releases"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cdxgen/cdxgen","events":[{"introduced":"0"},{"last_affected":"b309cffa5cad2d20f86f2e7df42e7c60152a0632"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"10.10.7"}]}}],"versions":["v1.0.2","v1.0.3","v1.0.4","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.3.0","v1.4.0","v1.4.1","v1.4.10","v1.4.11","v1.4.12","v1.4.13","v1.4.14","v1.4.15","v1.4.16","v1.4.17","v1.4.18","v1.4.19","v1.4.2","v1.4.20","v1.4.21","v1.4.22","v1.4.23","v1.4.24","v1.4.25","v1.4.26","v1.4.27","v1.4.28","v1.4.29","v1.4.3","v1.4.30","v1.4.31","v1.4.32","v1.4.33","v1.4.34","v1.4.35","v1.4.36","v1.4.37","v1.4.38","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.4.8","v1.4.9","v10.0.0","v10.0.1","v10.0.2","v10.0.3","v10.0.4","v10.0.5","v10.0.6","v10.1.0","v10.1.1","v10.1.2","v10.1.3","v10.10.0","v10.10.1","v10.10.2","v10.10.3","v10.10.4","v10.10.5","v10.10.6","v10.10.7","v10.2.1","v10.2.2","v10.2.3","v10.2.4","v10.2.5","v10.2.6","v10.3.0","v10.3.1","v10.3.2","v10.3.3","v10.3.4","v10.3.5","v10.4.0","v10.4.1","v10.4.2","v10.4.3","v10.5.0","v10.5.1","v10.5.2","v10.6.0","v10.6.1","v10.6.2","v10.7.0","v10.7.1","v10.8.0","v10.8.1","v10.8.2","v10.8.3","v10.8.4","v10.8.5","v10.8.6","v10.8.7","v10.8.8","v10.8.9","v10.9.0","v10.9.1","v10.9.10","v10.9.11","v10.9.2","v10.9.3","v10.9.4","v10.9.5","v10.9.6","v10.9.7","v10.9.8","v10.9.9","v2.0.0","v2.0.1","v2.0.10","v2.0.11","v2.0.12","v2.0.13","v2.0.14","v2.0.15","v2.0.16","v2.0.17","v2.0.18","v2.0.19","v2.0.2","v2.0.20","v2.0.21","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.8","v2.0.9","v2.1.0","v2.1.1","v2.1.2","v2.1.3","v2.1.4","v2.2.0","v2.2.1","v2.2.10","v2.2.11","v2.2.12","v2.2.13","v2.2.14","v2.2.15","v2.2.16","v2.2.17","v2.2.18","v2.2.19","v2.2.2","v2.2.20","v2.2.21","v2.2.22","v2.2.3","v2.2.4","v2.2.5","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.3.1","v3.0.0","v3.0.1","v3.0.10","v3.0.2","v3.0.3","v3.0.4","v3.0.6","v3.0.7","v3.0.8","v3.0.9","v3.1.0","v3.2.0","v3.2.1","v3.2.10","v3.2.11","v3.2.13","v3.2.14","v3.2.15","v3.2.2","v3.2.3","v3.2.4","v3.2.5","v3.2.7","v3.2.8","v3.2.9","v4.0.0","v4.0.1","v4.0.10","v4.0.11","v4.0.12","v4.0.13","v4.0.14","v4.0.15","v4.0.16","v4.0.17","v4.0.18","v4.0.19","v4.0.2","v4.0.20","v4.0.21","v4.0.22","v4.0.23","v4.0.24","v4.0.25","v4.0.26","v4.0.27","v4.0.28","v4.0.29","v4.0.3","v4.0.30","v4.0.31","v4.0.32","v4.0.33","v4.0.34","v4.0.35","v4.0.36","v4.0.37","v4.0.38","v4.0.39","v4.0.4","v4.0.40","v4.0.41","v4.0.42","v4.0.43","v4.0.44","v4.0.5","v4.0.6","v4.0.7","v4.0.8","v4.0.9","v5.0.1","v5.1.0","v5.1.1","v5.1.2","v5.1.3","v5.1.4","v5.2.0","v5.2.1","v5.2.2","v5.2.3","v5.2.4","v5.3.0","v5.3.1","v5.3.2","v5.3.3","v5.3.4","v5.3.5","v5.3.6","v5.3.7","v5.4.0","v5.4.1","v5.4.2","v5.5.0","v5.5.1","v5.5.2","v5.5.3","v5.5.4","v5.5.5","v5.5.6","v6.0.0","v6.0.1","v6.0.10","v6.0.11","v6.0.12","v6.0.13","v6.0.14","v6.0.15","v6.0.2","v6.0.3","v6.0.4","v6.0.5","v6.0.6","v6.0.7","v6.0.8","v6.0.9","v7.0.0","v7.0.1","v7.0.2","v7.0.3","v7.0.4","v7.0.5","v8.0.0","v8.0.1","v8.0.2","v8.0.3","v8.0.4","v8.0.5","v8.0.6","v8.1.0","v8.1.1","v8.1.2","v8.1.3","v8.1.4","v8.1.5","v8.1.6","v8.1.7","v8.1.8","v8.1.9","v8.2.0","v8.2.1","v8.2.2","v8.2.3","v8.2.4","v8.3.0","v8.3.1","v8.3.2","v8.3.3","v8.4.0","v8.4.1","v8.4.10","v8.4.11","v8.4.12","v8.4.13","v8.4.2","v8.4.3","v8.4.4","v8.4.5","v8.4.6","v8.4.7","v8.4.8","v8.4.9","v8.5.0","v8.5.1","v8.5.2","v8.5.3","v8.6.0","v9.0.0","v9.0.1","v9.1.0","v9.1.1","v9.10.0","v9.10.1","v9.10.2","v9.11.0","v9.11.1","v9.11.2","v9.11.3","v9.2.0","v9.2.1","v9.2.2","v9.2.3","v9.3.0","v9.3.2","v9.4.0","v9.5.0","v9.6.0","v9.6.1","v9.7.0","v9.7.1","v9.7.2","v9.7.3","v9.7.4","v9.8.0","v9.8.1","v9.8.10","v9.8.2","v9.8.3","v9.8.4","v9.8.5","v9.8.6","v9.8.7","v9.8.8","v9.8.9","v9.9.0","v9.9.1","v9.9.2","v9.9.3","v9.9.4","v9.9.5","v9.9.6","v9.9.7","v9.9.8","v9.9.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50611.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}