CVE issues with Gradle 6.3

shripad207 · April 7, 2020, 7:44am

Hi,
We want to use Gradle as our build tool, and for that we share gradle 6.3 with our security team for analysis. However they have raised some CVE in some of the jar files gradle internally using with the gradle 6.3. They have suggested to update those jar files with there latest version. I have tried to replace the jar but post that gradle itself is not working and giving error
Could not create service of type ClassLoaderRegistry using GlobalScopeServices.createClassLoaderRegistry().

Could you please help me to fix these CVEs?

Thanks & Regards,
Shripad Deshpande

flow · April 7, 2020, 11:08am

Would not the right approach be, to report the CVE affected dependencies as gradle issues? So that the dependencies are bumped and included in a new gradle release?

Could you share the CVE numbers?

shripad207 · April 15, 2020, 5:41am

Please find below link for the CVE report:

Topic		Replies	Views
Gradle and CVE_2020-7692 Help/Discuss	0	411	September 4, 2020
CVE-2016-9878 Spring grade plugin Help/Discuss	1	198	February 5, 2024
Vulnerabilties found in gradle-3.4.1-bin.zip Help/Discuss	0	691	March 27, 2017
Security alerts for built-in Gradle plugins Help/Discuss	0	624	March 31, 2022
Please fix issue GRADLE-2723 Bugs	0	848	February 1, 2016

CVE issues with Gradle 6.3

Related Topics