Vulnerabilities > Google > Bazel

DATE CVE VULNERABILITY TITLE RISK
2022-10-26 CVE-2022-3474 Insufficiently Protected Credentials vulnerability in Google Bazel 5.0.0
A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests.
network
low complexity
google CWE-522
4.3
4.3
2021-04-16 CVE-2021-22539 Exposure of Resource to Wrong Sphere vulnerability in Google Bazel
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable.
local
low complexity
google CWE-668
7.8
7.8