864 matches found
CVE-2022-24329
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...
HybridTestFramework - End To End Testing Of Web, API And Security
Full-fledged web, API and security testing framework using Selenium, ZAP OWASP proxy and rest-assured. Supported Platforms: This framework supports WebUI automation across a variety of browsers like Chrome, Firefox, IE, not only limited to this but extended to test REST API, security and visual...
CVE-2022-23630
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...
Design/Logic Flaw
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...
UBUNTU-CVE-2022-23630
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...
CVE-2022-23630
CVE-2022-23630 affects Gradle’s dependency verification bypass. When verification is disabled on some configurations but enabled on others, and the disabled configuration resolves first, common dependencies may skip verification for the enabled configuration. Gradle 7.4 addresses this by validati...
CVE-2022-23630 Dependency verification bypass in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...
Gradle Security Vulnerability
Gradle is a set of JVM-based project build tools from Gradle, Inc. that supports maven, Ivy repositories, and more. Gradle suffers from a security vulnerability that stems from the fact that under certain circumstances, Gradle may skip validation and accept a dependency that would otherwise cause...
PT-2022-16144 · Gradle · Gradle
Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 7.4. Description: Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip verification and accept a dependency that would otherwise fail the...
JetBrains Kotlin Security Feature Issue Vulnerability
JetBrains Kotlin is a statically-typed programming language from the Czech company JetBrains that runs on the Java Virtual Machine. JetBrains Kotlin suffers from a security signature issue vulnerability that stems from the product's ability to lock dependencies related to the Kotlin Multiplatform...
GHSA-R8J4-96MX-RJCC Improper Restriction of XML External Entity Reference in skylot/jadx
skylot/jadx prior to 1.3.2 is vulnerable to Improper Restriction of XML External Entities when a user is tricked into exporting a malicious APK file via the -e option containing a crafted AndroidManifest.xml / strings.xml to gradle, leading to possible local file disclosure...
Improper Restriction of XML External Entity Reference in skylot/jadx
skylot/jadx prior to 1.3.2 is vulnerable to Improper Restriction of XML External Entities when a user is tricked into exporting a malicious APK file via the -e option containing a crafted AndroidManifest.xml / strings.xml to gradle, leading to possible local file disclosure...
XML External Entity (XXE)
jadx-core is vulnerable to xml external entity attacks. The vulnerability exists in the parseXml function of ExportGradleProject.java as it does not set disallow-doctype-decl attribute in the DocumentBuilderFactory, allowing an attacker to export a malicious android application with a crafted...
in skylot/jadx
Description: parseXml function in ExportGradleProject is not secured against XXE because it does not include the disallow-doctype-decl attribute; therefore JADX is vulnerable to XXE when parsing a malicious Android Manifest when exporting an Android app to Gradle. In...
org.xbib.elasticsearch:gradle-plugin-elasticsearch-build (=6.3.2.5) potentially affected by CVE-2021-44228 via org.xbib.elasticsearch:log4j (=6.3.2.1)
org.xbib.elasticsearch:log4j MAVEN version =6.3.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.xbib.elasticsearch:log4j and may be impacted: - org.xbib.elasticsearch:gradle-plugin-elasticsearch-build =6.3.2.5 Source cves: CVE-2021-44228 Source...
Swurg - Parse OpenAPI Documents Into Burp Suite For Automating OpenAPI-based APIs Security Assessments
Swurg is a Burp Suite extension designed for OpenAPI testing. The OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface description for REST APIs, which allows both humans and computers to discover and understand the capabilities of a service without requiring acce...