CNNVD-202601-2721 Information

CNNVD ID

CNNVD-202601-2721

CVE-2026-22865

  • CNNVD Published: 2026-01-16

Description

Gradle is a JVM-based project build tool from the US company Gradle that supports Maven and Ivy repositories, among others. Versions of Gradle before 9.3.0 contain a security vulnerability: during dependency resolution, certain exceptions are not treated as fatal errors, which could lead to malicious artifacts being resolved from other repositories.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Gradle

Published

2026-01-16

Last Modified

2026-02-24

References

https://github.com/gradle/gradle/security/advisories/GHSA-mqwm-5m85-gmcv

https://access.redhat.com/security/cve/cve-2026-22865

Patch

https://github.com/gradle/gradle
