cn.bestwu.groovy-publish:cn.bestwu.groovy-publish.gradle.plugin (=0.0.31), cn.bestwu.kotlin-publish:cn.bestwu.kotlin-publish.gradle.plugin (=0.0.31) +16 more potentially affected by CVE-2020-7599 via com.gradle.publish:plugin-publish-plugin (>=0.10.0 <=0.10.1)

com.gradle.publish:plugin-publish-plugin MAVEN version =0.10.0, =0.10.0, =9.1.1, =1.2.0, =0.3, =0.3, =9.1.1, =1.2.0, =0.14.0, =0.14.0, =0.16.0, =0.32.0 and more Source cves: CVE-2020-7599 Source advisory: OSV:GHSA-CV78-V957-JX34https://vulners.com/osv/OSV:GH...

Exposure of Sensitive Information in Gradle publish plugin

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...

CVE-2020-7599

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...

Insertion of Sensitive Information into Log File

Overview com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin is a plugin that publishes plugins to the Gradle Plugin Portal. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while...