VYPR

Maven package

org.gradle/gradle-core

pkg:maven/org.gradle/gradle-core

Vulnerabilities (2)

  • CVE-2019-16370Sep 16, 2019
    affected < 6.0fixed 6.0

    The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.

  • CVE-2019-11065Apr 9, 2019
    affected >= 1.4, < 5.4.0fixed 5.4.0

    Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.