Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
GradleGradle

3 matches found

CVE
CVEadded 2019/09/16 6:15 p.m.150 views

CVE-2019-16370

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.

5.9CVSS5.8AI score0.00199EPSS
CVE
CVEadded 2019/04/10 12:29 a.m.73 views

CVE-2019-11065

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

5.9CVSS5.5AI score0.0037EPSS
CVE
CVEadded 2019/08/14 8:15 p.m.73 views

CVE-2019-15052

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.

9.8CVSS7.9AI score0.03066EPSS