Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Backport release-24.05] gradle_6: mark very insecure #352278

Merged
merged 1 commit into from
Oct 30, 2024

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Oct 30, 2024

Bot-based backport to release-24.05, triggered by a label in #352236.

  • Before merging, ensure that this backport is acceptable for the release.
    • Even as a non-commiter, if you find that it is not acceptable, leave a comment.

v6 is vulnerable to a number of vulnerabiliites:
* CVE-2021-29429, affecting confidentiality
* CVE-2021-29427, affecting confidentiality and can lead to dependency poisoning
* CVE-2021-29428, a privilege escalation involving the temp dir
* CVE-2021-32751, arbitrary code execution

(cherry picked from commit 161e9a3)
@github-actions github-actions bot added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Oct 30, 2024
@github-actions github-actions bot mentioned this pull request Oct 30, 2024
13 tasks
@tomodachi94 tomodachi94 merged commit 0446c3c into release-24.05 Oct 30, 2024
2 of 4 checks passed
@tomodachi94 tomodachi94 deleted the backport-352236-to-release-24.05 branch October 30, 2024 04:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant