Vulnerabilties found in gradle-3.4.1-bin.zip


(Sujay) #1

Hi,

I recently found vulnerability associated with gradle binaries from gradle-3.4.1-bin.zip, these are from the included libraries in gradle.
Here i have listed out the vulnerabilities:

commons-collections-3.2.2: CVE-2015-6420
jackson-2.6.6: CVE-2016-3720
taglibs-standard-1.2.5: CVE-2015-0254

Wanted to know if these are known? and their impacts to gradle.