Vulmon
gradle maven vulnerabilities and exploits
7.8
CVSSv3
CVE-2020-15777
An issue exists in the Maven Extension plugin prior to 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an allow-list, thus allowing a malicious user to achieve code execution via a malicious ...
Gradle Maven
6.5
CVSSv3
CVE-2021-26719
A directory traversal issue exists in Gradle gradle-enterprise-test-distribution-agent prior to 1.3.2, test-distribution-gradle-plugin prior to 1.3.2, and gradle-enterprise-maven-extension prior to 1.8.2. A malicious actor (with certain credentials) can perform a registration ste...
Gradle Enterprise Test Distribution Agent
Gradle Maven
Gradle Test Distribution
7.5
CVSSv3
CVE-2019-9843
In DiffPlug Spotless prior to 1.20.0 (library and Maven plugin) and prior to 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file co...
Diffplug Gradle
Diffplug Maven
5.3
CVSSv3
CVE-2023-42445
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfilt...
Gradle Gradle
6.3
CVSSv3
CVE-2022-22984
The package snyk prior to 1.1064.0; the package snyk-mvn-plugin prior to 2.31.3; the package snyk-gradle-plugin prior to 3.24.5; the package @snyk/snyk-cocoapods-plugin prior to 2.5.3; the package snyk-sbt-plugin prior to 2.16.2; the package snyk-python-plugin prior to 1.24.2; th...
Snyk Snyk Cli
Snyk Snyk Maven Cli
Snyk Snyk Gradle Cli
Snyk Snyk Cocoapods Cli
Snyk Snyk Python Cli
Snyk Snyk Sbt Cli
Snyk Snyk Docker Cli
Snyk Snyk Hex Cli
7.8
CVSSv3
CVE-2022-48431
In JetBrains IntelliJ IDEA prior to 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.
Jetbrains Intellij Idea
6.5
CVSSv3
CVE-2019-10324
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and previous versions in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed malicious users to schedule a release ...
Jfrog Artifactory