CNNVD-202509-4069 Information
CNNVD ID
CNNVD-202509-4069
Related CVE
CVE-2025-59844 (as referenced below)
Description (Chinese, translated)
SonarQube is an open-source code inspection tool from Sonar. Versions 4.0.0 up to but not including 6.0.0 contain an operating system command injection vulnerability. It is caused by improper validation of user input on Windows runners and can lead to arbitrary command execution.
Description (English)
SonarQube is an open-source code analysis tool from Sonar. An operating system command injection vulnerability affects versions 4.0.0 up to but not including 6.0.0: user input is not properly validated on Windows runners, so an attacker who controls that input can execute arbitrary commands. Note that the references on this record (the GHSA advisory, the v6.0.0 release and the community announcement) concern the sonarqube-scan-action GitHub Action rather than the SonarQube server, so the version range should be read against the action.
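The defect class described above is an action input reaching a shell as part of a command string. The following POSIX sh script is an added example (not code from sonarqube-scan-action or SonarSource) of the mitigation pattern: validate the input against a strict allowlist before any shell on the runner sees it, then pass it as discrete argv tokens instead of pasting it into a command line. The regex, the function names and the sample inputs are this example's own assumptions, not details taken from the advisory.

```shell
#!/bin/sh
# Added example, not the action's own code. Demonstrates allowlisting
# scanner arguments so that bash, cmd.exe or PowerShell metacharacters in
# an untrusted input cannot turn into a second command.
#
# Vulnerable workflow pattern (illustrative, not the action's actual code):
#   run: sonar-scanner ${{ inputs.args }}
# The expression is expanded into the script text before the shell runs,
# so "-Dsonar.projectKey=x & whoami" becomes two commands. Passing the
# input through env: and validating it, as below, keeps it data.

# A token must be -Dkey=value: a dotted identifier key and a value drawn
# only from characters that none of bash, cmd.exe or PowerShell treat
# specially (no & | ; < > ` $ ( ) % ^ quotes or whitespace).
# Assumed allowlist; widen it only after checking all three shells.
SAFE_ARG_RE='^-D[A-Za-z0-9_.]+=[A-Za-z0-9_./:@,+=-]*$'

# validate_scanner_args "<whitespace-separated args>"
# Returns 0 when every token matches SAFE_ARG_RE, 1 on the first offender.
validate_scanner_args() {
  # Disable globbing while splitting so a token such as '*' stays literal,
  # then restore the caller's setting.
  case $- in *f*) _restore=':' ;; *) _restore='set +f'; set -f ;; esac
  set -- $1
  $_restore
  for _tok in "$@"; do
    if ! printf '%s\n' "$_tok" | grep -Eq "$SAFE_ARG_RE"; then
      printf 'rejected scanner argument: %s\n' "$_tok" >&2
      return 1
    fi
  done
  return 0
}

# scanner_argv "<args>"
# Dry run: print the argv the scanner would receive, one token per line,
# or fail without printing if validation rejects the input. A real step
# would exec the tokens directly; it never builds a string for sh -c,
# cmd /c or Invoke-Expression.
scanner_argv() {
  validate_scanner_args "$1" || return 1
  case $- in *f*) _restore=':' ;; *) _restore='set +f'; set -f ;; esac
  set -- $1
  $_restore
  printf '%s\n' sonar-scanner "$@"
}

# Constructed sample inputs: one benign, one carrying a command separator
# that cmd.exe and bash would both honour if the string reached a shell.
validate_scanner_args '-Dsonar.projectKey=demo -Dsonar.sources=src'
validate_scanner_args '-Dsonar.projectKey=x & whoami' || echo "blocked" >&2
```

The allowlist is the part that is shell-agnostic, which matters on Windows runners where the scanner is ultimately launched by PowerShell or cmd.exe with their own quoting rules; if a project needs characters such as backslashes in values, add them to the value class only after confirming they are inert in every shell the step can run under.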
Hazard Level
High
Vulnerability Type
OS command injection
Affected Vendor
Sonar
Published
2025-09-26
Last Modified
2026-02-24
References
https://community.sonarsource.com/t/sonarqube-scanner-github-action-v6/149281
https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v6.0.0
https://github.com/SonarSource/sonarqube-scan-action/security/advisories/GHSA-5xq9-5g24-4g6f
https://access.redhat.com/security/cve/cve-2025-59844
Patch
https://github.com/SonarSource/sonarqube-scan-action/releases