Lucene search

864 matches found

SUSE CVE
added 2023/02/15 3:43 a.m. · 1 view

SUSE CVE-2021-29429

In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...

4 CVSS · 8.8 AI score · 0.00484 EPSS
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 3:40 a.m. · 2 views

SUSE CVE-2021-32751

Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the application plugin and the gradlew script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. Thi...

4.8 CVSS · 9.5 AI score · 0.02709 EPSS
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 3:28 a.m. · 1 view

SUSE CVE-2022-23630

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

7.5 CVSS · 6.9 AI score · 0.013 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 3:25 a.m. · 1 view

SUSE CVE-2022-31156

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...

6.6 CVSS · 6.9 AI score · 0.00454 EPSS
Exploits 0 · References 3

OpenVAS
added 2023/01/27 12:0 a.m. · 24 views

Ubuntu: Security Advisory (USN-4858-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS · 5.8 AI score · 0.01366 EPSS
Exploits 1 · References 2

Kitploit
added 2023/01/21 11:30 a.m. · 25 views

Tai-e - An Easy-To-Learn/Use Static Analysis Framework For Java

What is Tai-e? Tai-e (Chinese: 太阿; pronunciation: ˈtaɪə:) is a new static analysis framework for Java (please see our technical report for details), which features arguably the "best" designs from both the novel ones we proposed and those of classic frameworks such as Soot, WALA, Doop, and...

7.3 AI score
Exploits 0 · References 6

Spring Engineering
added 2023/01/19 6:0 p.m. · 10 views

A Bootiful Podcast: Dr. Amanda Martin, Gradle developer advocate

Hi, Spring fans! In this installment, Josh Long @starbuxman talks with Gradle developer advocate Dr. Amanda Martin @DrAmandaLMartin...

1.2 AI score
Exploits 0

Spring Engineering
added 2023/01/19 12:0 a.m. · 14 views

A Bootiful Podcast: Dr. Amanda Martin, Gradle developer advocate

Hi, Spring fans! In this installment, Josh Long @starbuxman talks with Gradle developer advocate Dr. Amanda Martin @DrAmandaLMartin...

1.2 AI score
Exploits 0

Spring Engineering
added 2023/01/19 12:0 a.m. · 11 views

A Bootiful Podcast: Dr. Amanda Martin, Gradle developer advocate

Hi, Spring fans! In this installment, Josh Long @starbuxman talks with Gradle developer advocate Dr. Amanda Martin @DrAmandaLMartin...

1.2 AI score
Exploits 0

Spring Engineering
added 2022/12/22 7:0 p.m. · 10 views

A Bootiful Podcast: Field CTO and Chief Evangelist at Gradle Justin Reock

Hi, Spring fans and happy holidays!! In this installment, Josh Long talks to Field CTO and Chief Evangelist at Gradle Justin Reock...

0.8 AI score
Exploits 0

Securelist
added 2022/12/09 1:0 p.m. · 44 views

How to train your Ghidra

Getting started with Ghidra For about two decades, being a reverse engineer meant that you had to master the ultimate disassembly tool, IDA Pro. Over the years, many other tools were created to complement or directly replace it, but only a few succeeded. Then came the era of decompilation, adding...

7.1 AI score
Exploits 0

vulnersOsv
added 2022/11/30 3:30 p.m. · 0 views

@adobe/git-server (>=0.9.17 <=1.0.0), @adobe/helix-cli (>=0.3.0-SNAPSHOT.293 <=5.7.6) +49 more potentially affected by CVE-2022-22984 via snyk-gradle-plugin (>=1.0.2 <=3.24.2)

snyk-gradle-plugin NPM version =1.0.2, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =3.11.9, =0.0.70, =0.5.8, =3.2.4, =5.0.0, =3.0.3-beta.1, =1.0.7, =1.0.9 and more Source cves: CVE-2022-22984 Source advisory: OSV:GHSA-4X6G-3CMX-W76R...

6.3 CVSS · 6.6 AI score · 0.03007 EPSS
Exploits 1

OSV
added 2022/11/30 3:30 p.m. · 0 views

GHSA-4X6G-3CMX-W76R Snyk plugins vulnerable to Command Injection

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...

6.3 CVSS · 7 AI score · 0.03007 EPSS
Exploits 1 · References 18

Positive Technologies
added 2022/11/30 12:0 a.m. · 3 views

PT-2022-15754 · Snyk · Snyk-Python-Plugin +7

Name of the Vulnerable Software and Affected Versions: snyk versions prior to 1.1064.0 snyk-mvn-plugin versions prior to 2.31.3 snyk-gradle-plugin versions prior to 3.24.5 @snyk/snyk-cocoapods-plugin versions prior to 2.5.3 snyk-sbt-plugin versions prior to 2.16.2 snyk-python-plugin versions prio...

6.3 CVSS · 6.9 AI score · 0.03007 EPSS
Exploits 1 · References 21

Veracode
added 2022/10/21 12:20 p.m. · 20 views

Improper Dependency Locking

JetBrains Kotlin is vulnerable to Improper Dependency Locking. The vulnerability exists in the internal function consumerApiUsage of KotlinUsages.kt because all files for configuration ':metadataCompileClasspath' cannot be resolved with gradle dependency locks which allows an attacker to modify t...

5.3 CVSS · 6.1 AI score · 0.02196 EPSS
Exploits 0 · References 12 · Affected Software 1

OSV
added 2022/10/21 12:15 p.m. · 4 views

CVE-2022-41575

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3...

7.5 CVSS · 5.8 AI score · 0.00724 EPSS
Exploits 0 · References 2

NVD
added 2022/10/21 12:15 p.m. · 24 views

CVE-2022-41575

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3...

7.5 CVSS · 0.00724 EPSS
Exploits 0 · References 2

Prion
added 2022/10/21 12:15 p.m. · 20 views

Cross site scripting

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3...

5 CVSS · 7.1 AI score · 0.00724 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2022/10/21 12:0 a.m. · 5 views

CVE-2022-41575

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3...

7.2 AI score · 0.00724 EPSS
Exploits 0 · References 2

CNNVD
added 2022/10/21 12:0 a.m. · 2 views

Gradle Security Vulnerability

Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle Enterprise versions 2022.3 through 2022.3.3. A remote attacker can access application data by exploiting the vulnerability...

7.5 CVSS · 7.4 AI score · 0.00724 EPSS
Exploits 0 · References 2