55 matches found
CVE-2026-53914
In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...
CVE-2026-53914
In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...
CVE-2026-53914
CVE-2026-53914 affects JetBrains Kotlin prior to 2.4.20, where unsafe deserialization in the build cache metadata allows code execution. The NVD notes a high-severity, network-vector vulnerability with critical impact to confidentiality, integrity, and availability; local context in CVSS from CNA...
PT-2026-52700
Name of the Vulnerable Software and Affected Versions JetBrains Kotlin versions prior to 2.4.20 Description Unsafe deserialization in the build cache metadata allows for remote code execution. Deserialization is the process of converting a data format, such as JSON or XML, back into an object tha...
CVE-2026-6636
A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to initiate the attack...
CVE-2026-6636
A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to initiate the attack...
CVE-2026-6636
A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to initiate the attack...
OPENSUSE-SU-2026:20361-1 Security update for osc, obs-scm-bridge
This update for osc, obs-scm-bridge fixes the following issues: Changes in osc: - 1.24.0 - Command-line: - Add '--target-owner' option to 'git-obs repo fork' command - Add '--self' parameter to fix 'no matching parent repo' error message in 'git-obs pr create' - Fix 'osc aggregatepac' for scmsync...
webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence
Summary When experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that appears restricted to a trusted allow-list can be redirected to...
CVE-2019-11403
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page...
EUVD-2019-3079
Malware in sbrugna...
EUVD-2021-28603
Malicious code in bioql PyPI...
EUVD-2022-30035
Malicious code in bioql PyPI...
GHSA-RRR2-JCR8-7Q3X @nx/azure-cache Vulnerable to Build Cache Poisoning via Untrusted Pull Requests
A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...
CVE-2022-25364
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...
CVE-2021-41589
In Gradle Enterprise before 2021.3 and Enterprise Build Cache Node before 10.0, there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymo...
CVE-2019-11402
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format...
BIT-GRADLE-2023-35947 Path traversal vulnerabilities in handling of Tar archives in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...
SUSE CVE-2023-35947
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...
CVE-2023-35947
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...