55 matches found
CVE-2023-35947
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...
Path traversal
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...
CVE-2023-35947 Path traversal vulnerabilities in handling of Tar archives in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...
PT-2023-25398 · Gradle +2 · Gradle +2
Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 7.6.2 Gradle versions prior to 8.2 Description: This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. When unpacking Tar archives, Gradle did no...
CVE-2022-25364
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...
CVE-2022-25364
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...
CVE-2022-25364
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...
Default configuration
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...
CVE-2022-25364
CVE-2022-25364 concerns Gradle Enterprise prior to 2021.4.2, where the default built-in build cache configuration allowed anonymous write access. If not manually changed, a network-accessible build cache could be populated with manipulated entries that execute malicious code during a build. As of...
CVE-2022-25364
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...
CVE-2022-25364
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...
PT-2022-17242 · Gradle · Gradle Enterprise
Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions prior to 2021.4.2 Description: The default built-in build cache configuration in Gradle Enterprise allowed anonymous write access, potentially enabling a malicious actor with network access to populate the cache wit...
Gradle 安全漏洞
Gradle is the U.S. Gradle company's set of JVM-based project build tool , it supports maven, Ivy repository and so on. Gradle Enterprise prior to 2021.4.2 suffers from a security vulnerability that stems from the default built-in build cache configuration allowing anonymous write access. If this...
PT-2022-16112 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The issue occurs when building an XLA compilation cache with default settings,...
CVE-2021-41589
In Gradle Enterprise before 2021.3 and Enterprise Build Cache Node before 10.0, there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymo...
Default configuration
In Gradle Enterprise before 2021.3 and Enterprise Build Cache Node before 10.0, there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymo...
CVE-2021-41589
In Gradle Enterprise before 2021.3 and Enterprise Build Cache Node before 10.0, there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymo...
CVE-2021-41589
Affected software: Gradle Enterprise prior to 2021.3 and Enterprise Build Cache Node prior to 10.0. Vulnerability: Default configuration allows anonymous access to the configuration UI and anonymous write access to the build cache, enabling cache poisoning that may execute malicious code in a bui...
Gradle 安全漏洞
Gradle is a set of JVM-based project build tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle Enterprise that stems from Potential cache poisoning and remote code execution in Gradle Enterprise prior to 2021.3 and Enterprise Build...
Gradle Enterprise Cross-Site Request Forgery Vulnerability (CNVD-2020-54143)
Gradle is a set of JVM-based project build tools , it supports maven, Ivy repository and so on. A cross-site request forgery vulnerability exists in Gradle Enterprise version 2018.2 and Build Cache Node version 4.1. The vulnerability stems from a WEB application that does not adequately validate...