Vulnerabilities > CVE-2021-41588 - Deserialization of Untrusted Data vulnerability in Gradle
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |