Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-29427

Опубликовано: 13 апр. 2021
Источник: nvd
CVSS3: 8
CVSS3: 7.2
CVSS2: 6
EPSS Низкий

Описание

In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the "A Confusing Dependency" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a pluginManagement block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organi

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*
Версия от 5.1 (включая) до 7.0 (исключая)
Конфигурация 2
cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
Версия до 2.2.3 (включая)

EPSS

Процентиль: 68%
0.00557
Низкий

8 High

CVSS3

7.2 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-829

Связанные уязвимости

ubuntu логотип

CVE-2021-29427

CVSS3: 8
ubuntu
почти 5 лет назад

In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the "A Confusing Dependency" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your org...

redhat логотип

CVE-2021-29427

CVSS3: 8
redhat
почти 5 лет назад

In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the "A Confusing Dependency" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your org...

debian логотип

CVE-2021-29427

CVSS3: 8
debian
почти 5 лет назад

In Gradle from version 5.1 and before version 7.0 there is a vulnerabi ...

EPSS

Процентиль: 68%
0.00557
Низкий

8 High

CVSS3

7.2 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-829