Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gradle gradle vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2022-24329
In JetBrains Kotlin prior to 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
Jetbrains Kotlin
Oracle Communications Pricing Design Center 12.0.0.4
Oracle Communications Pricing Design Center 12.0.0.5
Oracle Communications Cloud Native Core Binding Support Function 22.1.3
6
CVSSv2
CVE-2022-23630
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verifica...
Gradle Gradle
9
CVSSv2
CVE-2021-41619
An issue exists in Gradle Enterprise prior to 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying arbitrary Java Virtual Machine startup options...
Gradle Enterprise
7.5
CVSSv2
CVE-2021-41589
In Gradle Enterprise prior to 2021.3 (and Enterprise Build Cache Node prior to 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration use...
Gradle Build Cache Node
Gradle Enterprise
5
CVSSv2
CVE-2021-41590
In Gradle Enterprise up to and including 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test functi...
Gradle Enterprise
5
CVSSv2
CVE-2021-41586
In Gradle Enterprise prior to 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.
Gradle Gradle
5
CVSSv2
CVE-2021-41587
In Gradle Enterprise prior to 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.
Gradle Gradle
6.8
CVSSv2
CVE-2021-41588
In Gradle Enterprise prior to 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.
Gradle Gradle
5
CVSSv2
CVE-2021-41584
Gradle Enterprise prior to 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.
Gradle Gradle
8.5
CVSSv2
CVE-2021-32751
Gradle is a build tool with a focus on build automation. In versions before 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user runn...
Gradle Gradle
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4956
validation
CVE-2024-35221
remote attackers
CVE-2023-30309
CVE-2024-36112
CVE-2024-23109
CVE-2023-43850
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »