Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side processing of this file dereferences XML External Entities (XXE), allowing a remote attacker with administrative access to perform server side request forgery.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gradle 代码问题漏洞
Vulnerability Description
Gradle是美国Gradle公司的一套基于JVM的项目构建工具,它支持maven、Ivy仓库等。 Gradle Enterprise 2018.5版本至2020.2.4版本存在代码问题漏洞。该漏洞源于通过上传的SAML IDP配置,有XXE与生成的SSRF。
CVSS Information
N/A
Vulnerability Type
N/A