Vulnerabilities > Gradle
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2021-09-24 | CVE-2021-41586 | Server-Side Request Forgery (SSRF) vulnerability in Gradle | In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. | 5.0 |
| 2021-09-24 | CVE-2021-41587 | Server-Side Request Forgery (SSRF) vulnerability in Gradle | In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. | 5.0 |
| 2021-09-24 | CVE-2021-41588 | Deserialization of Untrusted Data vulnerability in Gradle | In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. | 6.8 |
| 2021-09-24 | CVE-2021-41584 | Information Exposure vulnerability in Gradle | Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header. | 5.0 |
| 2021-07-20 | CVE-2021-32751 | OS Command Injection vulnerability in Gradle | Gradle is a build tool with a focus on build automation. | 8.5 |
| 2021-04-13 | CVE-2021-29428 | Creation of Temporary File in Directory with Incorrect Permissions vulnerability in multiple products | In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. | 4.4 |
| 2021-04-13 | CVE-2021-29427 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products | In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. | 6.0 |
| 2021-04-12 | CVE-2021-29429 | Insecure Temporary File vulnerability in multiple products | In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. | 1.9 |
| 2021-02-09 | CVE-2021-26719 | Path Traversal vulnerability in Gradle products | A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. | 5.5 |
| 2020-10-01 | CVE-2020-11979 | | As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. | 5.0 |