Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gradle gradle vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2019-11065
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.
Gradle Gradle
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
5.9
CVSSv3
CVE-2005-4900
SHA-1 is not collision resistant, which makes it easier for context-dependent malicious users to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existen...
Google Chrome
5.5
CVSSv3
CVE-2023-35946
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Grad...
Gradle Gradle
5.5
CVSSv3
CVE-2021-29429
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an malicious user to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourc...
Gradle Gradle
Quarkus Quarkus
5.5
CVSSv3
CVE-2020-15770
An issue exists in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins.
Gradle Enterprise 2018.5
5.3
CVSSv3
CVE-2023-42445
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfilt...
Gradle Gradle
5.3
CVSSv3
CVE-2022-24329
In JetBrains Kotlin prior to 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
Jetbrains Kotlin
Oracle Communications Pricing Design Center 12.0.0.4
Oracle Communications Pricing Design Center 12.0.0.5
Oracle Communications Cloud Native Core Binding Support Function 22.1.3
5.3
CVSSv3
CVE-2021-41590
In Gradle Enterprise up to and including 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test functi...
Gradle Enterprise
5.3
CVSSv3
CVE-2020-15767
An issue exists in Gradle Enterprise prior to 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses a ...
Gradle Enterprise
4.9
CVSSv3
CVE-2020-15772
An issue exists in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side processing of this file dereferences XML External Entities (XXE), allow...
Gradle Enterprise
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »