Gradle Security Vulnerabilities and Issues — Gradle CVE List

Lucene search

GradleGradle

3 matches found

CVE•added 2019/08/14 8:15 p.m.•73 views

CVE-2019-15052

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.

9.8CVSS7.9AI score0.03066EPSS

CVE•added 2023/03/02 4:15 a.m.•70 views

CVE-2023-26053

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their depe...

9.8CVSS7.7AI score0.0034EPSS

CVE•added 2017/02/07 3:59 p.m.•35 views

CVE-2016-6199

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.

9.8CVSS9.6AI score0.03026EPSS