UBUNTU-CVE-2023-26053

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

CVE-2023-26053

CVE-2023-26053 affects Gradle, where dependency verification can be bypassed via a collision attack using long IDs for PGP keys in trusted-key/pgp metadata. The vulnerability arises from accepting non-fingerprint IDs and is mitigated by making verification fail when anything but a full fingerprin...

CVE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

CVE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

CVE-2023-26053

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

CVE-2023-26053

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

CVE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

CVE-2023-26053

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

Gradle 安全漏洞

Gradle is a suite of JVM-based project build tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle that stems from a dependency validation failure if anything other than a fingerprint is used in the trust element of the dependency...

PT-2023-20453 · Gradle · Gradle

Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 6.9.4 Gradle versions prior to 7.6.1 Gradle versions prior to 8.0 Description: This issue is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use lo...

Broken Cryptographic Algorithm

gradle is vulnerable to Broken Cryptographic Algorithm. The vulnerability allows a malicious attacker to replace a legitimate artifact with a different one with the same SHA-1 digest...

From Spring Native to Spring Boot 3

Today, we are finishing to transition the Spring support for building native executables from the experimental Spring Native project to the official Spring Boot GraalVM native image support. In practice, that means we are archiving the Spring Native GitHub repository and moving it to the...

This Week in Spring - February 21, 20223

Hi, Spring fans! Welcome to another installment of This Week in Spring! How're you? I almost forgot today was Tuesday! Here in the US, we had a three day weekend for President's day, and also I've been streaming for a few hours every day or almost every day on my little YouTube channel so the day...

com.bugvm:bugvm-compiler (>=1.0.0 <=1.2.9), com.bugvm:bugvm-dist (>=1.2.3 <=1.2.9) +27 more potentially affected by CVE-2016-15026 via com.googlecode.plist:dd-plist (>=1.0 <=1.16)

com.googlecode.plist:dd-plist MAVEN version =1.0, =1.0.0, =1.2.3, =1.2.3, =1.0.0, =0.0.1, =2.3.1-ios11, =2.3.1-ios11, =1.0.0-b1, =2.0.0, =2.3.2, =2.3.4, =2.3.1, =2.0.0, =1.2.0, =1.2.1 and more Source cves: CVE-2016-15026 Source advisory: OSV:GHSA-4JX2-HVQW-93J9...

SUSE CVE-2016-6199

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object...

SUSE CVE-2019-11065

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...

SUSE CVE-2019-15052

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007...

SUSE CVE-2019-16370

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...

SUSE CVE-2021-29427

In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...

SUSE CVE-2021-29428

In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...