CNNVD-202601-4851 Information

CNNVD ID

CNNVD-202601-4851

CVE-2026-25063

  • CNNVD Published: 2026-01-29

Description

gradle-completion is an open-source auto-completion tool from Gradle. gradle-completion 9.3.0 and earlier versions contain a security vulnerability that stems from insufficient sanitization of Gradle task names and descriptions, which may lead to command injection and arbitrary code execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Gradle

Published

2026-01-29

Last Modified

2026-02-24

References

  • https://github.com/gradle/gradle-completion/commit/ecacc32bb882210e5d37cd79a74de1af0d0ccad7
  • https://github.com/gradle/gradle-completion/security/advisories/GHSA-qggc-44r3-cjgv
  • https://access.redhat.com/security/cve/cve-2026-25063

Patch

https://github.com/gradle/gradle-completion/releases
