864 matches found

SUSE CVE
added 2023/10/10 1:30 a.m. · 1 view

SUSE CVE-2023-42445

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 · AI score 9.2 · EPSS 0.00669
Exploits 0 · References 3
SUSE CVE
added 2023/10/10 1:30 a.m. · 1 view

SUSE CVE-2023-44387

Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...

CVSS 6.5 · AI score 9.1 · EPSS 0.0021
Exploits 0 · References 3
RedhatCVE
added 2023/10/09 6:54 p.m. · 132 views

CVE-2023-44387

A flaw was found in Gradle. When copying files or creating archives, Gradle does not preserve symbolic links, instead resolving them to their underlying target file, but permissions of the new file use those of the link instead of those from the target file. This issue can lead to files with...

CVSS 3.2 · AI score 4.9 · EPSS 0.0021
Exploits 0 · References 4
RedhatCVE
added 2023/10/09 6:54 p.m. · 34 views

CVE-2023-42445

A flaw was found in Gradle. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), parsing XML can lead to the exfiltration of local text files to a remote server. In most cases, Gradle parses XML files it...

CVSS 5.3 · AI score 6.2 · EPSS 0.00669
Exploits 0 · References 4
AlpineLinux
added 2023/10/06 2:15 p.m. · 32 views

CVE-2023-42445

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 · AI score 6.9 · EPSS 0.00669
Exploits 0
NVD
added 2023/10/06 2:15 p.m. · 15 views

CVE-2023-42445

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 · AI score 6.6 · EPSS 0.00669
Exploits 0 · References 4
OSV
added 2023/10/06 2:15 p.m. · 2 views

DEBIAN-CVE-2023-42445

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 5.3 · AI score 6.4 · EPSS 0.00669
Exploits 0 · References 1
OSV
added 2023/10/06 2:15 p.m. · 0 views

UBUNTU-CVE-2023-42445

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 · AI score 5.8 · EPSS 0.00669
Exploits 0 · References 5
UbuntuCve
added 2023/10/06 2:15 p.m. · 19 views

CVE-2023-42445

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 · AI score 6.5 · EPSS 0.00669
Exploits 0 · References 4
Prion
added 2023/10/06 2:15 p.m. · 16 views

Xxe

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 2.6 · AI score 5.3 · EPSS 0.00669
Exploits 0 · References 4 · Affected Software 1
Vulnrichment
added 2023/10/06 1:52 p.m. · 2 views

CVE-2023-42445 Possible local file exfiltration by XML External entity injection

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 · AI score 6 · EPSS 0.00669
Exploits 0 · References 4
Cvelist
added 2023/10/06 1:52 p.m. · 24 views

CVE-2023-42445 Possible local file exfiltration by XML External entity injection

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 · AI score 6.8 · EPSS 0.00669
Exploits 0 · References 4
CVE
added 2023/10/06 1:52 p.m. · 169 views

CVE-2023-42445

CVE-2023-42445 affects Gradle: XML External Entity (XXE) resolution was not disabled in some parsing paths, enabling potential exfiltration of local text files via XML parsing with an OOB-XXE scenario. Documents confirm Gradle now disables XML external entities for all use cases in Gradle 7.6.3 a...

CVSS 6.8 · AI score 6 · EPSS 0.00669
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/10/06 1:52 p.m. · 23 views

CVE-2023-42445 Possible local file exfiltration by XML External entity injection

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 · AI score 6.3 · EPSS 0.00669
Exploits 0 · References 6
Debian CVE
added 2023/10/06 1:52 p.m. · 22 views

CVE-2023-42445

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 · AI score 6.2 · EPSS 0.00669
Exploits 0
CNNVD
added 2023/10/06 12:0 a.m. · 3 views

Gradle Code Issues Vulnerabilities

Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports Maven, Ivy repositories, and more. A code issue vulnerability exists in Gradle prior to 7.6.3 and prior to 8.4. The vulnerability stems from the fact that under certain circumstances, when Gradle parses an XML fil...

CVSS 6.8 · AI score 6.8 · EPSS 0.00669
Exploits 0 · References 7
Positive Technologies
added 2023/10/06 12:0 a.m. · 1 view

PT-2023-28345 · Gradle +1

Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 7.6.3; Gradle versions prior to 8.4. Description: Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external...

CVSS 6.8 · AI score 5.9 · EPSS 0.00669
Exploits 0 · References 20
OSV
added 2023/10/05 6:15 p.m. · 2 views

DEBIAN-CVE-2023-44387

Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...

CVSS 6.5 · AI score 6 · EPSS 0.0021
Exploits 0 · References 1
AlpineLinux
added 2023/10/05 6:15 p.m. · 27 views

CVE-2023-44387

Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...

CVSS 6.5 · AI score 6.8 · EPSS 0.0021
Exploits 0
NVD
added 2023/10/05 6:15 p.m. · 20 views

CVE-2023-44387

Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...

CVSS 6.5 · AI score 4.9 · EPSS 0.0021
Exploits 0 · References 5