Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gradle gradle vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2019-15052
The HTTP client in Gradle prior to 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007...
Gradle Gradle
605
VMScore
CVE-2019-10103
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.
Jetbrains Kotlin
454
VMScore
CVE-2019-9843
In DiffPlug Spotless prior to 1.20.0 (library and Maven plugin) and prior to 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file co...
Diffplug Gradle
Diffplug Maven
383
VMScore
CVE-2019-10324
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and previous versions in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed malicious users to schedule a release ...
Jfrog Artifactory
445
VMScore
CVE-2019-11403
In Gradle Enterprise prior to 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.
Gradle Enterprise
Gradle Build Cache Node
383
VMScore
CVE-2019-11404
arrow-kt Arrow prior to 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.
Arrow-kt Arrow
445
VMScore
CVE-2019-11402
In Gradle Enterprise prior to 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.
Gradle Enterprise
383
VMScore
CVE-2019-11065
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.
Gradle Gradle
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
516
VMScore
CVE-2017-3160
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not s...
Apache Cordova
668
VMScore
CVE-2016-6199
ObjectSocketWrapper.java in Gradle 2.12 allows remote malicious users to execute arbitrary code via a crafted serialized object.
Gradle Gradle 2.12
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »