Gradle up to 7.1 on Unix application/gradlew os command injection

A vulnerability was found in Gradle up to 7.1 on Unix. It has been declared as critical. Affected by this vulnerability is an unknown function of the component application/gradlew. Upgrading to version 7.2 eliminates this vulnerability.

Description [CVE-2021-32751]

A vulnerability was found in Gradle up to 7.1 on Unix. It has been declared as critical. Affected by this vulnerability is an unknown function of the component application/gradlew. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE definition for the vulnerability is CWE-78.

As an impact it is known to affect confidentiality, integrity, and availability.

Base Score: 7.5 [HIGH]
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Class: Privilege escalation
Remote: Yes
Products: gradle

Mitigation:

Upgrade to version 7.2.

Common Vulnerabilities and Exposures

CVE-2024-34515 : SPATIE IMAGE-OPTIMIZER UP TO 1.7.2 PHAR DESERIALIZATION FILE_EXISTS DESERIALIZATION

Description image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). References https://github.com/spatie/image-optimizer/issues/210 https://github.com/spatie/image-optimizer/compare/1.7.2…1.7.3 https://github.com/spatie/image-optimizer/pull/211 For

CVE-2024-32638 : APACHE APISIX 3.8.0/3.9.0 FORWARD-AUTH PLUGIN REQUEST SMUGGLING

Description Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in Apache APISIX when using `forward-auth` plugin. This issue affects

CVE-2024-22144 : ELI SCHEETZ ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL PLUGIN CODE INJECTION

Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows