N/A

A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor (with certain credentials) can perform a registration step such that crafted TAR archives lead to extraction of files into arbitrary filesystem locations.

N/A

N/A

Gradle 路径遍历漏洞

Gradle是美国Gradle公司的一套基于JVM的项目构建工具，它支持maven、Ivy仓库等。 多款 Gradle 代码库存在路径遍历漏洞，该漏洞使用精心构建的tar包提取到任意文件系统位置，以下产品及型号收到影响： gradle-enterprise-test-distribution-agent 1.3.2 之前版本, test-distribution-gradle-plugin 1.3.2 之前版本, gradle-enterprise-maven-extension 1.8.2 之前版本。

N/A

N/A