
CVE-2019-15052
https://notcve.org/view.php?id=CVE-2019-15052
14 Aug 2019 — The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. • https://github.com/gradle/gradle/issues/10278 • CWE-522: Insufficiently Protected Credentials

CVE-2019-11065
https://notcve.org/view.php?id=CVE-2019-11065
09 Apr 2019 — Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site. • https://github.com/gradle/gradle/pull/8927

CVE-2016-6199
https://notcve.org/view.php?id=CVE-2016-6199
07 Feb 2017 — ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. • https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726 • CWE-502: Deserialization of Untrusted Data