Vulnerabilities > Gradle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-30 | CVE-2020-7599 | Information Exposure Through Log Files vulnerability in Gradle Plugin Publishing All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. | 6.5 |
| 2019-09-16 | CVE-2019-16370 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gradle The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. | 5.9 |
| 2019-08-14 | CVE-2019-15052 | Insufficiently Protected Credentials vulnerability in Gradle The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. | 9.8 |
| 2019-04-22 | CVE-2019-11403 | Information Exposure vulnerability in Gradle Build Cache Node and Enterprise In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page. | 9.8 |
| 2019-04-22 | CVE-2019-11402 | Insufficiently Protected Credentials vulnerability in Gradle Enterprise In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. | 9.8 |
| 2019-04-10 | CVE-2019-11065 | Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. | 5.9 |
| 2017-02-07 | CVE-2016-6199 | Deserialization of Untrusted Data vulnerability in Gradle 2.12 ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. | 9.8 |