865 matches found
UBUNTU-CVE-2025-27148
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...
Creation of Temporary File With Insecure Permissions
Overview Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions due to improper handling of temporary files. On Unix-like systems, if the Native.getClass method is invoked without prior initialization via Native.initFile with a non-null argument,...
CVE-2025-27148
CVE-2025-27148 affects Gradle’s native-platform library used by Gradle builds. Vulnerability arises when Native.get(Class) is called without prior Native.init(File) and a non-null working path is supplied, causing initialization to occur in the system temporary directory on Unix-like systems. Ver...
CVE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...
CVE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...
CVE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...
CVE-2025-27148
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...
Gradle 安全漏洞
Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle that stems from improper permissions on the system's temporary directory. An attacker can elevate privileges by exploiting the...
PT-2025-7918 · Gradle +1 · Gradle +1
Name of the Vulnerable Software and Affected Versions: net.rubygrapefruit:native-platform versions prior to 0.22-milestone-28 Gradle version 8.12 Description: The issue concerns a local privilege escalation vulnerability in the Gradle build automation tool, specifically in its native-platform...
CVE-2024-48964
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning...
Gradle 安全漏洞
Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle Develocity versions prior to 2024.3.1, which stems from a vulnerability that allows an attacker with network access privileges to obtain...
Gradle 安全漏洞
Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle Develocity versions prior to 2024.1.8, which stems from an incorrectly migrated project access control configuration that results in...
This Week in Spring - November 12th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Spring Cloud 2024.0.0-RC1 aka Moorgate has been released In this installment of A Bootiful Podcast , I talk to Gradle developer advocate Baruch Sadogursky good news everybody! GraalVM will now support jcmd, which allows you t...
openSUSE Security Advisory (SUSE-SU-2024:3923-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2024:3923-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3923-1 advisory. - CVE-2023-35947: Fixed an issue while unpacking tar archives, where files could be created outside of th...
Security update for gradle
This update for gradle fixes the following issues: CVE-2023-35947: Fixed an issue while unpacking tar archives, where files could be created outside of the unpack location bsc1212931. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2024:3923-1 Security update for gradle
This update for gradle fixes the following issues: - CVE-2023-35947: Fixed an issue while unpacking tar archives, where files could be created outside of the unpack location bsc1212931...
SUSE: Security Advisory (SUSE-SU-2024:3923-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OS Command Injection
snyk-gradle-plugin is vulnerable to OS Command Injection. The vulnerability is due to the Snyk CLI's failure to correctly sanitize or validate the current working directory name, allowing for potential code injection when running scans on untrusted projects...
CycloneDX Generator 安全漏洞
CycloneDX Generator cdxgen is a CLI tool, library, REPL and server for CycloneDX open source. It is used to create valid and compatible CycloneDX bill of materials. A security vulnerability exists in CycloneDX Generator version 10.10.7 and prior versions, which stems from the possibility of...