12 matches found
CVE-2026-22816
CVE-2026-22816 (Gradle) : Multiple sources describe a vulnerability in Gradle before 9.3.0 where non-fatal exceptions during dependency resolution would allow Gradle to continue to the next repository, and an unresolvable host name could let an attacker register a service under the build’s host n...
Gradle security vulnerabilities
Gradle is a project build tool based on the JVM, developed by the American company Gradle Inc. It supports Maven, Ivy repositories, etc. Versions of Gradle prior to 9.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that certain exceptions were not treated as...
EUVD-2022-4803
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-11065
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used...
SUSE CVE-2023-44387
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...
PT-2023-29221 · Gradle +1
Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 7.6.3; Gradle versions prior to 8.4. Description: Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but...
Gradle information disclosure vulnerability
Gradle is a set of JVM-based project building tools from the US company Gradle, which supports Maven, Ivy repositories and more. An information disclosure vulnerability exists in Gradle versions prior to 2.4.2, which stems from the fact that data stored in the GitHub Actions cache can be read by...
SUSE CVE-2019-11065
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...
PT-2019-13959 · Gradle +2
Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 5.6. Description: The issue concerns the HTTP client in Gradle, which sends authentication credentials to subsequent hosts after a 30x redirect, potentially exposing sensitive information. This behavior is similar to a...
DEBIAN-CVE-2019-11065
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...
UBUNTU-CVE-2019-11065
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...
PT-2019-12162 · Gradle +1
Name of the Vulnerable Software and Affected Versions: Gradle versions 1.4 through 5.3.1. Description: The issue arises from Gradle using an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. This could allow dependency artifacts to be...