4 matches found
Code injection
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64 bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...
CVE-2023-26053
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64 bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...
CVE-2023-26053
CVE-2023-26053 affects Gradle, where dependency verification can be bypassed via a collision attack using long IDs for PGP keys in trusted-key/pgp metadata. The vulnerability arises from accepting non-fingerprint IDs and is mitigated by making verification fail when anything but a full fingerprin...
Gradle security vulnerability
Gradle is a suite of JVM-based project build tools from Gradle, Inc. that supports Maven and Ivy repositories, and more. A security vulnerability exists in Gradle that stems from a dependency validation failure if anything other than a fingerprint is used in the trust element of the dependency...