42 matches found
CVE-2025-27148
CVE-2025-27148 affects Gradle’s native-platform library used by Gradle builds. Vulnerability arises when Native.get(Class) is called without prior Native.init(File) and a non-null working path is supplied, causing initialization to occur in the system temporary directory on Unix-like systems. Ver...
Gradle 安全漏洞
Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle that stems from improper permissions on the system's temporary directory. An attacker can elevate privileges by exploiting the...
Gradle 安全漏洞
Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle Develocity versions prior to 2024.3.1, which stems from a vulnerability that allows an attacker with network access privileges to obtain...
Gradle 安全漏洞
Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle Develocity versions prior to 2024.1.8, which stems from an incorrectly migrated project access control configuration that results in...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2024:3923-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3923-1 advisory. - CVE-2023-35947: Fixed an issue while unpacking tar archives, where files could be created outside of th...
Gradle Code Issues Vulnerabilities
Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A code issue vulnerability exists in Gradle prior to 7.6.3 and prior to 8.4. The vulnerability stems from the fact that under certain circumstances, when Gradle parses an XML fil...
Gradle Security Vulnerabilities
Gradle is a set of JVM-based project building tools from the US company Gradle, which supports maven, Ivy repositories and more. A security vulnerability exists in Gradle that stems from an improper assignment of permissions when copying files or creating archives. Affected products and versions:...
SUSE CVE-2023-35946
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...
UBUNTU-CVE-2023-35946
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...
PT-2023-25397 · Gradle +2 · Gradle +2
Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 7.6.2 Gradle versions prior to 8.2 Description: Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses th...
Gradle 信息泄露漏洞
Gradle is a set of JVM-based project building tools from the US company Gradle, which supports maven, Ivy repositories and more. An information disclosure vulnerability exists in Gradle versions prior to 2.4.2, which stems from the fact that data stored in the GitHub Actions cache can be read by...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2023:1867-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:1867-1 advisory. - CVE-2021-29428: Fixed a local privilege escalation through system temporary directory. bsc1184807 Tenab...
Gradle 安全漏洞
Gradle is a suite of JVM-based project build tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle that stems from a dependency validation failure if anything other than a fingerprint is used in the trust element of the dependency...
SUSE CVE-2021-29427
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...
SUSE CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
Gradle 信息泄露漏洞
Gradle is a suite of JVM-based project build tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle Enterprise version 2022.2.2 and prior versions, which stems from incorrect access control and leads to information disclosure...
gradle: information disclosure through temporary directory permissions
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...
Gradle 安全漏洞
Gradle is a set of JVM-based project build tools from Gradle, Inc. that supports maven, Ivy repositories, and more. Gradle suffers from a security vulnerability that stems from the fact that under certain circumstances, Gradle may skip validation and accept a dependency that would otherwise cause...
Gradle 安全漏洞
Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle versions prior to 7.0 that allows multiple users to create system temporary directories by creating and deleting open permissions to fil...
USN-4858-1 gradle vulnerabilities
It was discovered that Gradle used an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins were used. A remote unauthenticated attacker could possibly use this issue to perform a machine-in-the-middle attack. CVE-2019-11065 It was discovered that...