Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gradle gradle vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-22984
The package snyk prior to 1.1064.0; the package snyk-mvn-plugin prior to 2.31.3; the package snyk-gradle-plugin prior to 3.24.5; the package @snyk/snyk-cocoapods-plugin prior to 2.5.3; the package snyk-sbt-plugin prior to 2.16.2; the package snyk-python-plugin prior to 1.24.2; th...
Snyk Snyk Cli
Snyk Snyk Maven Cli
Snyk Snyk Gradle Cli
Snyk Snyk Cocoapods Cli
Snyk Snyk Python Cli
Snyk Snyk Sbt Cli
Snyk Snyk Docker Cli
Snyk Snyk Hex Cli
NA
CVE-2022-24441
The package snyk prior to 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privilege...
Snyk Snyk Security
Snyk Snyk Language Server
Snyk Snyk Cli
NA
CVE-2022-41575
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 up to and including 2022.3.3 allows remote malicious users to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3.
Gradle Enterprise
NA
CVE-2022-41574
An access-control vulnerability in Gradle Enterprise 2022.4 up to and including 2022.3.1 allows remote malicious users to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to a...
Gradle Enterprise
NA
CVE-2022-31156
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 up to and including 7.4.2, there are some cases i...
Gradle Gradle
445
VMScore
CVE-2022-30587
Gradle Enterprise up to and including 2022.2.2 has Incorrect Access Control that leads to information disclosure.
Gradle Gradle Enterprise
578
VMScore
CVE-2022-30586
Gradle Enterprise up to and including 2022.2.2 has Incorrect Access Control that leads to code execution.
Gradle Gradle
668
VMScore
CVE-2022-27919
Gradle Enterprise prior to 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.
Gradle Enterprise
828
VMScore
CVE-2022-25364
In Gradle Enterprise prior to 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute ma...
Gradle Enterprise
384
VMScore
CVE-2022-27225
Gradle Enterprise prior to 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibili...
Gradle Enterprise
2 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »