Insecure transport protocol in Gradle
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...
CVE-2022-24329
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...
Exploit for Code Injection in Vmware Spring_Framework
This is a PoC exploit for CVE-2022-22965, a remote code executio...
A vulnerability in the Gradle plugin and script of the Gradle build automation system allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability in the Gradle plugin and script of the Gradle build automation system is related to a lack of input sanitization. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
Palantir Public: Github Account Takeover which is used as gradle vcs in "github.com/palantir/gradle-launch-config-plugin"
Github Account Takeover which is used as gradle vcs in "github.com/palantir/gradle-launch-config-plugin"...
Unspecified Vulnerability in Gradle (CNVD-2022-25187)
Gradle is a JVM-based project build tool from the U.S. company Gradle; it supports Maven and Ivy repositories, among others. A security vulnerability exists in Gradle Enterprise that allows remote code execution. The configuration allows certain anonymous access to the administration and APIs. No detail...
CVE-2022-27919
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API...
Remote code execution
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API...
CVE-2022-27919
CVE-2022-27919 affects Gradle Enterprise prior to 2022.1. The issue allows remote code execution when the installation process omits an initial configuration file, because the configuration enables anonymous access to administration and the API. Impact is demonstrated as remote code execution wit...
Gradle Security Vulnerability
Gradle is a JVM-based project build tool from the U.S. company Gradle; it supports Maven and Ivy repositories, among others. A security vulnerability exists in Gradle Enterprise that allows remote code execution. The configuration allows certain anonymous access to the administration and APIs. No detail...
PT-2022-18690 · Gradle · Gradle Enterprise
Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions prior to 2022.1 Description: The issue allows remote code execution if the installation process did not specify an initial configuration file, enabling certain anonymous access to administration and an API...
Unspecified Vulnerability in Gradle Enterprise
Gradle is a JVM-based project build tool from the U.S. company Gradle; it supports Maven and Ivy repositories, among others. Gradle Enterprise prior to 2021.4.2 suffers from a security vulnerability that stems from the default built-in build cache configuration allowing anonymous write access. If this...
CVE-2022-25364
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...
Default configuration
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...
CVE-2022-25364
CVE-2022-25364 concerns Gradle Enterprise prior to 2021.4.2, where the default built-in build cache configuration allowed anonymous write access. If not manually changed, a network-accessible build cache could be populated with manipulated entries that execute malicious code during a build. As of...