Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gradle gradle vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2022-30586
Gradle Enterprise up to and including 2022.2.2 has Incorrect Access Control that leads to code execution.
Gradle Gradle
6
CVSSv2
CVE-2022-23630
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verifica...
Gradle Gradle
6
CVSSv2
CVE-2021-29427
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specif...
Gradle Gradle
Quarkus Quarkus
5.8
CVSSv2
CVE-2017-3160
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not s...
Apache Cordova
5.5
CVSSv2
CVE-2021-26719
A directory traversal issue exists in Gradle gradle-enterprise-test-distribution-agent prior to 1.3.2, test-distribution-gradle-plugin prior to 1.3.2, and gradle-enterprise-maven-extension prior to 1.8.2. A malicious actor (with certain credentials) can perform a registration ste...
Gradle Enterprise Test Distribution Agent
Gradle Maven
Gradle Test Distribution
5.1
CVSSv2
CVE-2019-9843
In DiffPlug Spotless prior to 1.20.0 (library and Maven plugin) and prior to 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file co...
Diffplug Gradle
Diffplug Maven
5
CVSSv2
CVE-2022-30587
Gradle Enterprise up to and including 2022.2.2 has Incorrect Access Control that leads to information disclosure.
Gradle Gradle Enterprise
5
CVSSv2
CVE-2022-24329
In JetBrains Kotlin prior to 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
Jetbrains Kotlin
Oracle Communications Pricing Design Center 12.0.0.4
Oracle Communications Pricing Design Center 12.0.0.5
Oracle Communications Cloud Native Core Binding Support Function 22.1.3
5
CVSSv2
CVE-2021-41590
In Gradle Enterprise up to and including 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test functi...
Gradle Enterprise
5
CVSSv2
CVE-2021-41586
In Gradle Enterprise prior to 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.
Gradle Gradle
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »