CRITICAL 9.8 CVE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks
>= 6.2.0, < 6.9.4, >= 7.0.0, < 7.6.1
HIGH 8.8 CVE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory
>= 8.12.0, < 8.12.1
HIGH 8.1 CVE-2021-41588 In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects.
>= 2017.2.0, < 2021.1.3
HIGH 8.1 Path traversal vulnerabilities in handling of Tar archives in Gradle
from 0, < 7.6.2, >= 8.0.0, < 8.2.0
HIGH 7.8 Local privilege escalation through system temporary directory
from 0, < 7.0.0
HIGH 7.5 Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configur…
>= 2020.4.0, < 2021.1.3
HIGH 7.5 In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.
>= 2020.4.0, < 2021.1.3
HIGH 7.5 In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other r…
>= 2017.6.0, < 2021.1.3
HIGH 7.5 Dependency verification bypass in Gradle
>= 6.2.0, < 7.3.4
HIGH 7.5 Arbitrary code execution via specially crafted environment variables
from 0, < 7.2.0
HIGH 7.5 Code injection in Apache Ant
from 0, < 6.8.0
HIGH 7.4 Gradle's failure to disable repositories failing to answer can expose builds to malicious artifacts
from 0, < 9.3.0
HIGH 7.4 Gradle fails to disable repositories which can expose builds to malicious artifacts
from 0, < 9.3.0
HIGH 7.2 Repository content filters do not work in Settings pluginManagement
>= 5.1.0, < 7.0.0
HIGH 7.2 Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.
from 0, < 1.3.1
MEDIUM 6.5 Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations
from 0, < 7.6.3, >= 8.0.0, < 8.4.0
MEDIUM 5.5 Dependency cache path traversal in Gradle
from 0, < 7.6.2, >= 8.0.0, < 8.2.0
MEDIUM 5.5 Information disclosure through temporary directory permissions
from 0, < 7.0.0
MEDIUM 5.3 Possible local file exfiltration by XML External entity injection
from 0, < 7.6.3, >= 8.0.0, < 8.4.0
MEDIUM 4.4 Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed
>= 6.2.0, < 7.5.0