Vulnerabilities > CVE-2021-41588 - Deserialization of Untrusted Data vulnerability in Gradle

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

gradle

CWE-502

NVD

Published: 2021-09-24

Updated: 2021-10-01

Summary

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.

Vulnerable Configurations

Part	Description	Count
Application	Gradle Gradle Gradle *	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://security.gradle.com/advisory/2021-03