13 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-5389

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 7.6 · EPSS 0.00656
Exploits 0 · References 4

RedhatCVE
added 2025/05/22 3:15 p.m. · 4 views

CVE-2020-15777

An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an allow-list, thus allowing an attacker to achieve code execution via a malicious deserialization...

CVSS 7.8 · AI score 7.8 · EPSS 0.00656
Exploits 0

OSV
added 2022/05/24 5:26 p.m. · 15 views

GHSA-VP55-FHXX-VCX8 Maven Extension plugin for Gradle Enterprise vulnerable to Deserialization of Untrusted Data

An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. It is vulnerable to, in the worst case, Remote Code Execution, and in the general case, local privilege escalation. Internally, the plugin uses a socket connection to send serialized Java objects that are...

CVSS 7.8 · AI score 8 · EPSS 0.00656
Exploits 0 · References 4

BDU FSTEC
added 2021/04/27 12:0 a.m. · 1 views

A vulnerability in the Maven for Java extension (vscode-maven) for Microsoft Visual Studio Code is related to improper code generation management and allows an attacker to execute arbitrary code.

The vulnerability in the Maven for Java extension (vscode-maven) for Microsoft Visual Studio Code is related to improper code generation management. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending a specially crafted request...

CVSS 7.8 · AI score 7.7 · EPSS 0.25015
Exploits 0 · References 4 · Affected Software 1

UbuntuCve
added 2021/02/09 2:15 p.m. · 24 views

CVE-2021-26719

A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registration step such that craft...

CVSS 6.5 · AI score 6.7 · EPSS 0.00591
Exploits 0 · References 2

CNNVD
added 2021/02/09 12:0 a.m. · 3 views

Gradle path traversal vulnerability

Gradle is a set of JVM-based project build tools from the U.S. company Gradle that supports Maven and Ivy repositories, among others. Multiple Gradle code repositories are affected by a path traversal vulnerability that uses a carefully constructed tarball to extract to an arbitrary filesystem...

CVSS 6.5 · AI score 6.8 · EPSS 0.00591
Exploits 0 · References 1

NVD
added 2020/08/25 10:15 p.m. · 8 views

CVE-2020-15777

An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an allow-list, thus allowing an attacker to achieve code execution via a malicious deserialization...

CVSS 7.8 · AI score 8 · EPSS 0.00656
Exploits 0 · References 2

OSV
added 2020/08/25 10:15 p.m. · 1 views

CVE-2020-15777

An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an allow-list, thus allowing an attacker to achieve code execution via a malicious deserialization...

CVSS 7.8 · AI score 7.6 · EPSS 0.00656
Exploits 0 · References 2

Prion
added 2020/08/25 10:15 p.m. · 17 views

Deserialization of untrusted data

An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an allow-list, thus allowing an attacker to achieve code execution via a malicious deserialization...

CVSS 4.6 · AI score 8 · EPSS 0.00656
Exploits 0 · References 2 · Affected Software 1

CVE
added 2020/08/25 9:34 p.m. · 64 views

CVE-2020-15777

The CVE-2020-15777 issue affects the Maven Extension plugin for Gradle Enterprise prior to version 1.6. The plugin uses a socket connection to send serialized Java objects and deserialization is not restricted to an allow-list, enabling code execution via a malicious deserialization gadget chain....

CVSS 7.8 · AI score 8 · EPSS 0.00656
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2020/08/25 9:34 p.m. · 11 views

CVE-2020-15777

An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an allow-list, thus allowing an attacker to achieve code execution via a malicious deserialization...

AI score 8 · EPSS 0.00656
Exploits 0 · References 2

Positive Technologies
added 2020/08/25 12:0 a.m. · 3 views

PT-2020-14624 · Gradle · Maven Extension Plugin

Name of the Vulnerable Software and Affected Versions: Maven Extension plugin versions prior to 1.6 for Gradle Enterprise
Description: An issue was discovered in the Maven Extension plugin, where the extension uses a socket connection to send serialized Java objects. Deserialization is not...

CVSS 7.8 · AI score 8.1 · EPSS 0.00656
Exploits 0 · References 5

Tenable Nessus
added 2020/08/11 12:0 a.m. · 41 views

Security Update for Microsoft Visual Studio Code Maven Extension (August 2020)

An input-validation flaw exists in Visual Studio Code Maven Extension related to processing environment variables after opening a project that allows remote code execution. An attacker can convince a user to clone a specified repository and to open it in Visual Studio Code leading to code...

CVSS 9.3 · AI score 8.1 · EPSS 0.09238
Exploits 0 · References 3