Gradle

gradle

Vendor: Gradle • 23 CVEs

CVEs (23)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-15052 1Gradle 1Gradle Nov 21, 2024 Aug 14, 2019 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the...Show more The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.Show less
CVE-2019-11065 2Fedoraproject Gradle 2Fedora Gradle Nov 21, 2024 Apr 10, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a...Show more Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.Show less
CVE-2016-6199 1Gradle 1Gradle May 13, 2026 Feb 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.

Previous 12