Free Trial

Gradle up to 7.1 on Unix application/gradlew os command injection

A vulnerability was found in Gradle up to 7.1 on Unix. It has been declared as critical. Affected by this vulnerability is an unknown function of the component application/gradlew. Upgrading to version 7.2 eliminates this vulnerability.

Description [CVE202132751]

A vulnerability was found in Gradle up to 7.1 on Unix. It has been declared as critical. Affected by this vulnerability is an unknown function of the component application/gradlew. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE definition for the vulnerability is CWE-78.

As an impact it is known to affect confidentiality, integrity, and availability.

Base Score: 7.5 [HIGH]
Vector:  CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Class: Privilege escalation
Remote: Yes
Products: gradle

Mitigation:

Upgrade to 7.2 version.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-49820 : IBM SECURITY GUARDIUM KEY LIFECYCLE MANAGER 4.1/4.1.1/4.2.0/4.2.1 CLEARTEXT TRANSMISSION

CVE-2024-49820 : IBM SECURITY GUARDIUM KEY LIFECYCLE MANAGER 4.1/4.1.1/4.2.0/4.2.1 CLEARTEXT TRANSMISSION

Description IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive

Learn more
CVE-2024-53144 : LINUX KERNEL UP TO 6.1.112/6.6.54/6.10.13/6.11.2 HCI_EVENT PRIVILEGE ESCALATION

CVE-2024-53144 : LINUX KERNEL UP TO 6.1.112/6.6.54/6.10.13/6.11.2 HCI_EVENT PRIVILEGE ESCALATION

Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This

Learn more
CVE-2024-50379 : APACHE TOMCAT UP TO 9.0.97/10.1.33/11.0.1 JSP COMPILATION TOCTOU

CVE-2024-50379 : APACHE TOMCAT UP TO 9.0.97/10.1.33/11.0.1 JSP COMPILATION TOCTOU

Description Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file

Learn more