Lucene search
+L

55 matches found

AlpineLinux
AlpineLinux
added 2023/06/30 9:15 p.m.36 views

CVE-2023-35947

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

8.1CVSS6.7AI score0.00528EPSS
Exploits0
Prion
Prion
added 2023/06/30 9:15 p.m.17 views

Path traversal

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

5.1CVSS8.1AI score0.00528EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/06/30 8:18 p.m.31 views

CVE-2023-35947 Path traversal vulnerabilities in handling of Tar archives in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

6.9CVSS8.2AI score0.00528EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.6 views

PT-2023-25398 · Gradle +2 · Gradle +2

Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 7.6.2 Gradle versions prior to 8.2 Description: This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. When unpacking Tar archives, Gradle did no...

8.1CVSS9.2AI score0.00528EPSS
Exploits0References30
OSV
OSV
added 2022/03/17 5:15 p.m.6 views

CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...

8.1CVSS5.8AI score0.01001EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/03/17 5:15 p.m.4 views

CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...

9.3CVSS7.2AI score0.01001EPSS
Exploits0References3
NVD
NVD
added 2022/03/17 5:15 p.m.20 views

CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...

9.3CVSS0.01001EPSS
Exploits0References2
Prion
Prion
added 2022/03/17 5:15 p.m.19 views

Default configuration

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...

9.3CVSS8.1AI score0.01001EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/03/17 4:24 p.m.90 views

CVE-2022-25364

CVE-2022-25364 concerns Gradle Enterprise prior to 2021.4.2, where the default built-in build cache configuration allowed anonymous write access. If not manually changed, a network-accessible build cache could be populated with manipulated entries that execute malicious code during a build. As of...

9.3CVSS8.1AI score0.01001EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/17 4:24 p.m.26 views

CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...

8.3AI score0.01001EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2022/03/17 4:24 p.m.48 views

CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...

9.3CVSS3.2AI score0.01001EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/03/17 12:0 a.m.8 views

PT-2022-17242 · Gradle · Gradle Enterprise

Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions prior to 2021.4.2 Description: The default built-in build cache configuration in Gradle Enterprise allowed anonymous write access, potentially enabling a malicious actor with network access to populate the cache wit...

9.3CVSS8.1AI score0.01001EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/17 12:0 a.m.6 views

Gradle 安全漏洞

Gradle is the U.S. Gradle company's set of JVM-based project build tool , it supports maven, Ivy repository and so on. Gradle Enterprise prior to 2021.4.2 suffers from a security vulnerability that stems from the default built-in build cache configuration allowing anonymous write access. If this...

9.3CVSS5.8AI score0.01001EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.4 views

PT-2022-16112 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The issue occurs when building an XLA compilation cache with default settings,...

6.5CVSS6.3AI score0.00774EPSS
Exploits1References12
OSV
OSV
added 2021/10/27 2:15 p.m.6 views

CVE-2021-41589

In Gradle Enterprise before 2021.3 and Enterprise Build Cache Node before 10.0, there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymo...

9.8CVSS7.9AI score0.02308EPSS
Exploits0References2
Prion
Prion
added 2021/10/27 2:15 p.m.19 views

Default configuration

In Gradle Enterprise before 2021.3 and Enterprise Build Cache Node before 10.0, there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymo...

7.5CVSS9.6AI score0.02308EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2021/10/27 2:15 p.m.3 views

CVE-2021-41589

In Gradle Enterprise before 2021.3 and Enterprise Build Cache Node before 10.0, there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymo...

9.8CVSS7.9AI score0.02308EPSS
Exploits0References3
CVE
CVE
added 2021/10/27 1:31 p.m.53 views

CVE-2021-41589

Affected software: Gradle Enterprise prior to 2021.3 and Enterprise Build Cache Node prior to 10.0. Vulnerability: Default configuration allows anonymous access to the configuration UI and anonymous write access to the build cache, enabling cache poisoning that may execute malicious code in a bui...

9.8CVSS9.6AI score0.02308EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2021/10/27 12:0 a.m.6 views

Gradle 安全漏洞

Gradle is a set of JVM-based project build tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle Enterprise that stems from Potential cache poisoning and remote code execution in Gradle Enterprise prior to 2021.3 and Enterprise Build...

9.8CVSS9.1AI score0.02308EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/25 12:0 a.m.5 views

Gradle Enterprise Cross-Site Request Forgery Vulnerability (CNVD-2020-54143)

Gradle is a set of JVM-based project build tools , it supports maven, Ivy repository and so on. A cross-site request forgery vulnerability exists in Gradle Enterprise version 2018.2 and Build Cache Node version 4.1. The vulnerability stems from a WEB application that does not adequately validate...

7.5CVSS6.9AI score0.01036EPSS
Exploits0References1
Rows per page
Query Builder