gradle

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Powerful build system for the JVM
Version	8.7-2 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2192	7.1.1-1	7.2-1	High	Fixed
AVG-1809	6.8.3-1	7.0-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-32751	AVG-2192	High	No	Arbitrary command execution	In Gradle versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code...
CVE-2021-29429	AVG-1809	Medium	No	Information disclosure	In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded...
CVE-2021-29428	AVG-1809	High	No	Privilege escalation	In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create...
CVE-2021-29427	AVG-1809	High	Yes	Insufficient validation	In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository...