Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
com.gradle.plugin-publish 日志信息泄露漏洞
Vulnerability Description
Gradle是美国Gradle公司的一套基于JVM的项目构建工具,它支持maven、Ivy仓库等。 com.gradle.plugin-publish 0.11.0之前版本中存在安全漏洞。攻击者可利用该漏洞替换最近上传的插件。
CVSS Information
N/A
Vulnerability Type
N/A