CVE-2021-41588 · Vexday

CVE-2021-41588

EPSS 0.8%

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.gradle.com/advisory/2021-03