Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-4858-1
HistoryMar 15, 2021 - 10:44 p.m.

gradle vulnerabilities

2021-03-1522:44:10
Google
osv.dev
11
gradle
vulnerabilities
insecure http url
javascript
coffeescript
remote unauthenticated attacker
machine-in-the-middle attack
pgp signing plugin
sha-1 algorithm
spoofing attacks
software

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

52.0%

JSON

It was discovered that Gradle used an insecure HTTP URL to download
dependencies when the built-in JavaScript or CoffeeScript Gradle plugins
were used. A remote unauthenticated attacker could possibly use this issue
to perform a machine-in-the-middle attack. (CVE-2019-11065)

It was discovered that the PGP signing plugin in Gradle relied on the
insecure SHA-1 algorithm. An attacker could possibly use this issue to
conduct spoofing attacks. (CVE-2019-16370)

Related

openvas 4
nessus 3
ubuntu 1
ubuntucve 2
debiancve 2
osv 5
redhatcve 2
fedora 3
cve 2
cvelist 2
prion 2
github 2
veracode 1
nvd 2
openvas
openvas
Ubuntu: Security Advisory (USN-4858-1)
2023-01-27 00:00:00
Fedora Update for gradle FEDORA-2019-a9c15101fb
2019-05-22 00:00:00
Fedora Update for gradle FEDORA-2019-1b6383acdd
2019-08-20 00:00:00
nessus
nessus
Ubuntu 18.04 ESM : Gradle vulnerabilities (USN-4858-1)
2023-10-21 00:00:00
Fedora 30 : gradle (2019-1b6383acdd)
2019-08-20 00:00:00
Fedora 28 : gradle (2019-902786bc1e)
2019-05-03 00:00:00
ubuntu
ubuntu
Gradle vulnerabilities
2021-03-15 00:00:00
ubuntucve
ubuntucve
CVE-2019-11065
2019-04-10 00:00:00
CVE-2019-16370
2019-09-16 00:00:00
debiancve
debiancve
CVE-2019-11065
2019-04-10 00:29:00
CVE-2019-16370
2019-09-16 18:15:12
osv
osv
CVE-2019-11065
2019-04-10 00:29:00
gradle-4.4.1-7.2 on GA media
2024-06-15 00:00:00
Insecure transport protocol in Gradle
2022-05-13 01:21:57
redhatcve
redhatcve
CVE-2019-11065
2019-04-10 14:20:23
CVE-2019-16370
2019-10-07 06:36:52
fedora
fedora
[SECURITY] Fedora 28 Update: gradle-4.3.1-9.fc28
2019-05-03 01:36:10
[SECURITY] Fedora 30 Update: gradle-4.4.1-4.fc30
2019-08-19 01:02:54
[SECURITY] Fedora 29 Update: gradle-4.3.1-9.fc29
2019-05-21 02:20:34
cve
cve
CVE-2019-11065
2019-04-10 00:29:00
CVE-2019-16370
2019-09-16 18:15:12
cvelist
cvelist
CVE-2019-11065
2019-04-09 23:37:04
CVE-2019-16370
2019-09-16 17:50:28
prion
prion
Design/Logic Flaw
2019-04-10 00:29:00
Denial of service
2019-09-16 18:15:00
github
github
Insecure transport protocol in Gradle
2022-05-13 01:21:57
Use of a weak cryptographic algorithm in Gradle
2022-05-24 16:56:18
veracode
veracode
Broken Cryptographic Algorithm
2023-02-27 14:49:27
nvd
nvd
CVE-2019-11065
2019-04-10 00:29:00
CVE-2019-16370
2019-09-16 18:15:12

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

52.0%

JSON
Related for OSV:USN-4858-1
openvas4nessus3ubuntu1ubuntucve2debiancve2osv5redhatcve2fedora3cve2cvelist2prion2github2veracode1nvd2