Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.)
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gradle 安全漏洞
Vulnerability Description
Gradle是美国Gradle公司的一套基于JVM的项目构建工具,它支持maven、Ivy仓库等。 Gradle Enterprise 在 2021.4.2 之前存在安全漏洞,该漏洞源于默认的内置构建缓存配置允许匿名写访问。如果不手动更改此设置,则对构建缓存具有网络访问权限的恶意行为者可能会在其中填充受操纵的条目,这些条目在构建过程中执行恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A