Gradle is a set of JVM-based project build tools from Gradle USA that supports Maven and Ivy repositories, among others. A remote code execution vulnerability exists in Gradle Enterprise prior to 2021.1.2. It stems from the installation configuration user interface (available to administrators), which allows arbitrary Java virtual machine startup options to be specified. An attacker could exploit the vulnerability to potentially achieve remote code execution via the application startup configuration.
CPE Name | Operator | Version |
---|---|---|
Gradle Gradle >=2020.4 | lt | 2021.1.2 |