Vulnerabilities > Gradle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-18 | CVE-2020-15769 | Cross-site Scripting vulnerability in Gradle Enterprise 2020.2/2020.2.4 An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. | 4.3 |
| 2019-09-16 | CVE-2019-16370 | Improper Input Validation vulnerability in Gradle The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. | 4.3 |
| 2019-04-10 | CVE-2019-11065 | Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. | 5.9 |