3 matches found
CVE-2026-22816
CVE-2026-22816 (Gradle) : Multiple sources describe a vulnerability in Gradle before 9.3.0 where non-fatal exceptions during dependency resolution would allow Gradle to continue to the next repository, and an unresolvable host name could let an attacker register a service under the build’s host n...
CVE-2026-22816 Gradle fails to disable repositories which can expose builds to malicious artifacts
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...
osbuild-composer Data Forgery Issue Vulnerability
osbuild-composer is a set of HTTP services for writing operating system images from osbuild. A data forgery issue vulnerability exists in osbuild-composer, which stems from a GPG validation condition that can be triggered to disable package repositories, and could be subject to a man-in-the-middl...