Gradle 路径遍历漏洞

Gradle is the U.S. Gradle company's set of JVM-based project build tool, which supports maven, Ivy repository and so on. Gradle there is a path traversal vulnerability , the vulnerability stems from the existence of path traversal , an attacker can use the vulnerability by reading arbitrary files...

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.8 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

GHSA-7G45-4RM6-3MM3 vulnerabilities

Vulnerabilities for packages: cassandra-reaper, spdx-tools-java, debezium-connector-spanner, gradle, celeborn, hadoop-client-modules, maven-stage0...

GHSA-7G45-4RM6-3MM3 vulnerabilities

Vulnerabilities for packages: celeborn, gradle, cassandra-reaper, spdx-tools-java, debezium-connector-spanner, maven-stage0...

CVE-2023-2976 vulnerabilities

Vulnerabilities for packages: celeborn, gradle, cassandra-reaper, spdx-tools-java, debezium-connector-spanner, maven-stage0...

CVE-2023-2976 vulnerabilities

Vulnerabilities for packages: cassandra-reaper, spdx-tools-java, debezium-connector-spanner, gradle, celeborn, hadoop-client-modules, maven-stage0...

ch.sourcemotion.gradle.vertx.hermes:ch.sourcemotion.gradle.vertx.hermes.gradle.plugin (=0.0.1), ch.sourcemotion.gradle:vertx-hermes-gradle-plugin (=0.0.1) +30 more potentially affected by CVE-2023-34615 via net.pwall.json:jsonutil (>=2.0 <=5.0)

net.pwall.json:jsonutil MAVEN version =2.0, =0.1.0, =0.6.0, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.68, =0.31, =0.68, =0.1, =0.6.1 and more Source cves: CVE-2023-34615 Source advisory: OSV:GHSA-W2RR-WVH9-M2M7...

This Week in Spring - June 6th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what an insane week it's been! Long story short, I've spent 10-12 hours a day over the last five days migrating a dozen differnet applications and services from one GKE cluster to another, taking the time to update things...

This Week in Spring - May 30th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! This installment I write on the day of my daughter's High School graduation, an auspicious day indeed! There's a lot to get through this week, though, and I have a graduation to get to, so let's dive right in! Spring...

io.jenkins.blueocean:blueocean-pipeline-scm-api (>=1.27.4 <=1.27.5.1), io.jenkins.plugins:code-coverage-api (>=4.2.0 <=4.7.0) +12 more potentially affected by CVE-2023-32977 via org.jenkins-ci.plugins.workflow:workflow-job (>=0.1-beta-1 <=1292.v27d8cc3e2602)

org.jenkins-ci.plugins.workflow:workflow-job MAVEN version =0.1-beta-1, =1.27.4, =4.2.0, =1.17.vd2468d9c5e85, =0.1-beta-1, =1.14, =1.16.4 - org.jenkins-ci.plugins:gradle =2.12.0.1 - org.jenkins-ci.plugins:inline-pipeline =1.0.3 Source cves: CVE-2023-32977 Source advisory: OSV:GHSA-2WVV-PHHW-QVMC...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2023:2203-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2203-1 advisory. - Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts...

SUSE-SU-2023:2203-1 Security update for gradle

This update for gradle fixes the following issues: - CVE-2021-32751: Fixed arbitrary code execution in application plugin and the gradlew script bsc1188569...

Denial Of Services (DoS)

Gradle is vulnerable to Denial Of Services DoS. The vulnerability exists because the library's trusted-key or pgp elements do not properly verify if they use long IDs, which allows an attacker to cause an application crash by submitting the long IDs 64 bits...

A Bootiful Podcast: Java Champion Ken Kousen on Gradle, Java, Kotlin, Mockito, and more

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Java Champion Ken Kousen @kenkousen, live from the Great International Developer Summit 2023 in beautiful Bangalore, India, about Gradle, the Kotlin DSL, Java, and so much more Check out Ken's awesome Youtube channel...

This Week in Spring - May 2, 20223

Hi, Spring fans! Welcome to another installment of This Week in Spring! You realize it's already May, 2023? Time's flying, way too quickly! I just got back from Bangalore, India, where I spoke at the amazing Great International Developer Summit, one of the all time best shows ever, and now I'm...

Data written to GitHub Actions Cache may expose secrets

Impact This vulnerability impacts GitHub workflows using the Gradle Build Action that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets configured for the repository. Secrets configured for GitHub Actions are normally passed to the Gradle Build...

GHSA-H3QR-39J9-4R5V Data written to GitHub Actions Cache may expose secrets

Impact This vulnerability impacts GitHub workflows using the Gradle Build Action that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets configured for the repository. Secrets configured for GitHub Actions are normally passed to the Gradle Build...

CVE-2023-30853

Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...

Default configuration

Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...

CVE-2023-30853 Gradle Build Action data written to GitHub Actions Cache may expose secrets

Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...