
Command injection vulnerability in Snyk CLI released prior to September 1, 2022 (older than v1.996.0)

Blog post from Snyk

Post Details
Company: Snyk
Author: Gareth Rushgrove
Word count: 501
Language: English
Summary

The Snyk CLI has a medium-severity command injection vulnerability (CVSSv3 6.4) that can lead to arbitrary code execution on the host running the CLI. All CLI releases published before September 1, 2022 (that is, versions older than v1.996.0) are affected; the fix shipped in v1.996.0, and every release from that version onward is unaffected, so users should update. Snyk describes the issue as difficult to exploit but still recommends updating. IDE integrations are also affected, because they automatically scan the open workspace, although Snyk states that its plugin configuration mitigates this in most cases. Further details and updates are available on the Snyk Support portal.
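The practical check a team wants after reading an advisory like this one is whether the installed CLI is below the fixed release. The script below is an added example written for this page, not code from Snyk or from the original post: it parses the `MAJOR.MINOR.PATCH` string printed by `snyk --version` and compares it numerically against 1.996.0, the first unaffected version named in the advisory. The sample version strings in the comments and test are constructed; the `(standalone)` suffix handling reflects how some CLI builds print their version and is an assumption about the output format rather than something the post states.

```python
import re
import shutil
import subprocess

# First unaffected release according to the advisory: Snyk CLI 1.996.0.
FIXED_VERSION = (1, 996, 0)

# Matches the first MAJOR.MINOR.PATCH triple in a string; any trailing text
# (for example a "(standalone)" build marker) is ignored.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the version as an (int, int, int) tuple, or None if no version is found.

    Tuples compare element by element as integers, so 1.1100.0 correctly sorts
    after 1.996.0 (a plain string comparison would get this wrong).
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def is_affected(version_text):
    """True when the CLI version is older than the fixed release (i.e. vulnerable)."""
    version = parse_version(version_text)
    if version is None:
        raise ValueError(f"unrecognised version string: {version_text!r}")
    return version < FIXED_VERSION


def installed_snyk_version():
    """Run `snyk --version` and return its output, or None when snyk is not on PATH."""
    exe = shutil.which("snyk")
    if exe is None:
        return None
    result = subprocess.run([exe, "--version"], capture_output=True, text=True, check=False)
    return result.stdout.strip() or None


if __name__ == "__main__":
    installed = installed_snyk_version()
    if installed is None:
        print("snyk CLI not found on PATH")
    elif is_affected(installed):
        print(f"snyk {installed}: AFFECTED, update to 1.996.0 or later")
    else:
        print(f"snyk {installed}: not affected by this advisory")
```

Run the same check against the CLI binary an IDE plugin uses, not only the one on `PATH`: the advisory notes that IDE integrations are affected too, and a plugin-managed copy of the CLI can be a different version from the one installed system-wide.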