Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
GradleGradle

3 matches found

CVE
CVEadded 2019/09/16 6:15 p.m.150 views

CVE-2019-16370

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.

5.9CVSS5.8AI score0.00217EPSS
CVE
CVEadded 2021/04/12 10:15 p.m.78 views

CVE-2021-29429

In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded i...

5.5CVSS4.8AI score0.00029EPSS
CVE
CVEadded 2019/04/10 12:29 a.m.73 views

CVE-2019-11065

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

5.9CVSS5.5AI score0.0037EPSS