Lucene search
K

55 matches found

CVE
CVE
added 2022/07/14 8:5 p.m.84 views

CVE-2022-31156

CVE-2022-31156 : Gradle’s dependency verification can skip checksum verification when signature verification cannot be performed. Affected versions: 6.2–7.4.2. If verification metadata contains only a gpg element (no checksum) or if there is no signature file on the remote repo, Gradle may accept...

6.6CVSS5.2AI score0.00507EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2022/07/14 8:5 p.m.47 views

CVE-2022-31156

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...

6.6CVSS5AI score0.00507EPSS
Exploits0
OSV
OSV
added 2022/07/14 8:5 p.m.32 views

CVE-2022-31156 Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...

6.6CVSS4.9AI score0.00507EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/07/14 12:0 a.m.4 views

PT-2022-20571

Name of the Vulnerable Software and Affected Versions Gradle versions 6.2 through 7.4.2 Description Gradle is a build tool with a security feature called dependency verification, which validates external dependencies through checksum or cryptographic signatures. In affected versions, there are...

6.6CVSS5.8AI score0.00507EPSS
Exploits0References12
NVD
NVD
added 2022/02/10 8:15 p.m.26 views

CVE-2022-23630

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

7.5CVSS0.0132EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/02/10 8:15 p.m.19 views

CVE-2022-23630

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

7.5CVSS7AI score0.0132EPSS
Exploits0References4
Prion
Prion
added 2022/02/10 8:15 p.m.18 views

Design/Logic Flaw

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

6CVSS7.5AI score0.0132EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/02/10 8:15 p.m.4 views

UBUNTU-CVE-2022-23630

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

7.5CVSS7.1AI score0.0132EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2022/02/10 8:15 p.m.80 views

CVE-2022-23630

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

7.5CVSS1.6AI score0.0132EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/02/10 8:10 p.m.38 views

CVE-2022-23630

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

7.5CVSS7.5AI score0.0132EPSS
Exploits0
Cvelist
Cvelist
added 2022/02/10 8:10 p.m.40 views

CVE-2022-23630 Dependency verification bypass in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

7.5CVSS7.7AI score0.0132EPSS
Exploits0References3
OSV
OSV
added 2022/02/10 8:10 p.m.22 views

CVE-2022-23630 Dependency verification bypass in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

7.5CVSS7.5AI score0.0132EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/02/10 12:0 a.m.3 views

PT-2022-16144 · Gradle · Gradle

Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 7.4 Description: Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip verification and accept a dependency that would otherwise fail the...

7.5CVSS7.1AI score0.0132EPSS
Exploits0References11
CVE
CVE
added 2020/03/23 11:5 p.m.68 views

CVE-2020-5252

CVE-2020-5252 concerns the command-line Python package Safety. Reports describe a low-severity issue where two Python-related characteristics permit a malicious package to poison-pill or obfuscate other packages, allowing bypass of Safety’s detection routines. This is said to occur when Safety ru...

5CVSS4.5AI score0.00366EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/03/23 11:5 p.m.15 views

CVE-2020-5252 Malicious package may avoid detection in python auditing

The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...

5CVSS5.2AI score0.00366EPSS
Exploits0References3
Rows per page
Query Builder