Gradle

Gradle

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-27148

  • EPSS 0.04%
  • Veröffentlicht 25.02.2025 21:15:18
  • Zuletzt bearbeitet 25.02.2025 21:15:18

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files wit...

5.3

CVE-2023-42445

  • EPSS 0.37%
  • Veröffentlicht 06.10.2023 14:15:12
  • Zuletzt bearbeitet 11.04.2025 14:50:21

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just ...

6.5

CVE-2023-44387

  • EPSS 0.06%
  • Veröffentlicht 05.10.2023 18:15:12
  • Zuletzt bearbeitet 21.11.2024 08:25:47

Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the li...

8.1

CVE-2023-35947

  • EPSS 0.14%
  • Veröffentlicht 30.06.2023 21:15:09
  • Zuletzt bearbeitet 11.04.2025 14:14:12

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to ...

5.5

CVE-2023-35946

  • EPSS 0.1%
  • Veröffentlicht 30.06.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 08:09:02

Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dep...

9.8

CVE-2023-26053

  • EPSS 0.37%
  • Veröffentlicht 02.03.2023 04:15:11
  • Zuletzt bearbeitet 21.11.2024 07:50:40

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP k...

4.4

CVE-2022-31156

  • EPSS 0.19%
  • Veröffentlicht 14.07.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:04:01

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, ther...

7.2

CVE-2022-30586

  • EPSS 1.11%
  • Veröffentlicht 06.06.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 07:02:58

Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.

7.5

CVE-2022-23630

  • EPSS 0.61%
  • Veröffentlicht 10.02.2022 20:15:07
  • Zuletzt bearbeitet 21.11.2024 06:48:58

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This o...

7.5

CVE-2021-41587

  • EPSS 0.28%
  • Veröffentlicht 24.09.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:26:28

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.