gradle gradle vulnerabilities and exploits
383
VMScore
CVE-2019-16370
The PGP signing plugin in Gradle prior to 6.0 relies on the SHA-1 algorithm, which might allow a malicious user to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.
Gradle Gradle
445
VMScore
CVE-2021-41584
Gradle Enterprise prior to 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.
Gradle Gradle
445
VMScore
CVE-2021-41586
In Gradle Enterprise prior to 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.
Gradle Gradle
605
VMScore
CVE-2021-41588
In Gradle Enterprise prior to 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.
Gradle Gradle
445
VMScore
CVE-2019-15052
The HTTP client in Gradle prior to 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007...
Gradle Gradle
445
VMScore
CVE-2022-30587
Gradle Enterprise up to and including 2022.2.2 has Incorrect Access Control that leads to information disclosure.
Gradle Gradle Enterprise
668
VMScore
CVE-2016-6199
ObjectSocketWrapper.java in Gradle 2.12 allows remote malicious users to execute arbitrary code via a crafted serialized object.
Gradle Gradle 2.12
490
VMScore
CVE-2021-26719
A directory traversal issue exists in Gradle gradle-enterprise-test-distribution-agent prior to 1.3.2, test-distribution-gradle-plugin prior to 1.3.2, and gradle-enterprise-maven-extension prior to 1.8.2. A malicious actor (with certain credentials) can perform a registration ste...
Gradle Enterprise Test Distribution Agent
Gradle Maven
Gradle Test Distribution
534
VMScore
CVE-2021-29427
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specif...
Gradle Gradle
Quarkus Quarkus
392
VMScore
CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly delet...
Gradle Gradle
Quarkus Quarkus