Vulnerabilities > CVE-2021-41588 - Deserialization of Untrusted Data vulnerability in Gradle

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

gradle

CWE-502

NVD

Published: 2021-09-24

Updated: 2021-10-01

Summary

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.

Vulnerable Configurations

Part	Description	Count
Application	Gradle Gradle Gradle *	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://security.gradle.com/advisory/2021-03