Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gradle gradle vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2022-30586
Gradle Enterprise up to and including 2022.2.2 has Incorrect Access Control that leads to code execution.
Gradle Gradle
NA
CVE-2023-35947
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwrit...
Gradle Gradle
5
CVSSv2
CVE-2019-15052
The HTTP client in Gradle prior to 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007...
Gradle Gradle
5
CVSSv2
CVE-2021-41584
Gradle Enterprise prior to 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.
Gradle Gradle
5
CVSSv2
CVE-2021-41586
In Gradle Enterprise prior to 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.
Gradle Gradle
6.8
CVSSv2
CVE-2021-41588
In Gradle Enterprise prior to 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.
Gradle Gradle
5
CVSSv2
CVE-2021-41587
In Gradle Enterprise prior to 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.
Gradle Gradle
NA
CVE-2023-44387
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting fil...
Gradle Gradle
8.5
CVSSv2
CVE-2021-32751
Gradle is a build tool with a focus on build automation. In versions before 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user runn...
Gradle Gradle
NA
CVE-2023-42445
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfilt...
Gradle Gradle
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »