CNNVD-202601-2722 Information
CNNVD ID
CNNVD-202601-2722
Related CVE
-
CNNVD Published: 2026-01-16
Description
Gradle is a JVM-based project build tool from the United States company Gradle that supports Maven and Ivy repositories, among others. Versions of Gradle before 9.3.0 contain a security vulnerability: during dependency resolution, certain exceptions are not treated as fatal errors, which may cause malicious artifacts to be resolved from a different repository.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Gradle
Published
2026-01-16
Last Modified
2026-02-24
References
https://github.com/gradle/gradle/commit/e5707d0d8fce3d768c9c489004700d78eab1773a
https://github.com/gradle/gradle/security/advisories/GHSA-w78c-w6vf-rw82
https://access.redhat.com/security/cve/cve-2026-22816
Patch
https://github.com/gradle/gradle