CVE issues with Gradle 6.3

We want to use Gradle as our build tool, and for that we share gradle 6.3 with our security team for analysis. However they have raised some CVE in some of the jar files gradle internally using with the gradle 6.3. They have suggested to update those jar files with there latest version. I have tried to replace the jar but post that gradle itself is not working and giving error
Could not create service of type ClassLoaderRegistry using GlobalScopeServices.createClassLoaderRegistry().

Could you please help me to fix these CVEs?

Thanks & Regards,
Shripad Deshpande

Would not the right approach be, to report the CVE affected dependencies as gradle issues? So that the dependencies are bumped and included in a new gradle release?

Could you share the CVE numbers?

Please find below link for the CVE report: