{"url":"http://public2.vulnerablecode.io/api/packages/97722?format=json","purl":"pkg:deb/debian/gradle@4.4.1-23?distro=trixie","type":"deb","namespace":"debian","name":"gradle","version":"4.4.1-23","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42378?format=json","vulnerability_id":"VCID-3smn-2dhh-8fcm","summary":"False Positive\nThis issue has been marked as a false positive.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23630","reference_id":"","reference_type":"","scores":[{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70238","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70231","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70229","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70186","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.7022","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70209","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23630"},{"reference_url":"https://docs.gradle.org/7.4/release-notes.html","reference_id":"","reference_type":"","scores":[],"url":"https://docs.gradle.org/7.4/release-notes.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23630","reference_id":"CVE-2022-23630","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23630"},{"reference_url":"https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr","reference_id":"GHSA-9pf5-88jw-3qgr","reference_type":"","scores":[],"url":"https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97725?format=json","purl":"pkg:deb/debian/gradle@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97721?format=json","purl":"pkg:deb/debian/gradle@4.4.1-13?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y2mg-x2cw-nqaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97719?format=json","purl":"pkg:deb/debian/gradle@4.4.1-18?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-18%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97723?format=json","purl":"pkg:deb/debian/gradle@4.4.1-22?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-22%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97722?format=json","purl":"pkg:deb/debian/gradle@4.4.1-23?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-23%3Fdistro=trixie"}],"aliases":["CVE-2022-23630","GHSA-9pf5-88jw-3qgr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3smn-2dhh-8fcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71619?format=json","vulnerability_id":"VCID-51xa-27mq-nudp","summary":"Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. Gradle builds that rely on versions of net.rubygrapefruit:native-platform prior to 0.22-milestone-28 could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory.  In net.rubygrapefruit:native-platform prior to version 0.22-milestone-28, if the `Native.get(Class<>)` method was called, without calling `Native.init(File)` first, with a non-`null` argument used as working file path, then the library would initialize itself using the system temporary directory and NativeLibraryLocator.java lines 68 through 78. Version 0.22-milestone-28 has been released with changes that fix the problem. Initialization is now mandatory and no longer uses the system temporary directory, unless such a path is passed for initialization. The only workaround for affected versions is to make sure to do a proper initialization, using a location that is safe.  Gradle 8.12, only that exact version, had codepaths where the initialization of the underlying native integration library took a default path, relying on copying the binaries to the system temporary directory. Any execution of Gradle exposed this exploit. Users of Windows or modern versions of macOS are not vulnerable, nor are users of a Unix-like operating system with the \"sticky\" bit set or `noexec` on their system temporary directory vulnerable. This problem was fixed in Gradle 8.12.1. Gradle 8.13 release also upgrades to a version of the native library that no longer has that bug. Some workarounds are available. On Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. Mounting `/tmp` as `noexec` will prevent Gradle 8.12 from starting. Those who are are unable to change the permissions of the system temporary directory can move the Java temporary directory by setting the System Property java.io.tmpdir. The new path needs to limit permissions to the build user only.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27148.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27148.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27148","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15693","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15812","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15802","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1576","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15675","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27148"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2347588","reference_id":"2347588","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2347588"},{"reference_url":"https://github.com/gradle/gradle/pull/32025","reference_id":"32025","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T21:14:39Z/"}],"url":"https://github.com/gradle/gradle/pull/32025"},{"reference_url":"https://github.com/gradle/native-platform/pull/353","reference_id":"353","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T21:14:39Z/"}],"url":"https://github.com/gradle/native-platform/pull/353"},{"reference_url":"https://en.wikipedia.org/wiki/Fstab#Options_common_to_all_filesystems","reference_id":"Fstab#Options_common_to_all_filesystems","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T21:14:39Z/"}],"url":"https://en.wikipedia.org/wiki/Fstab#Options_common_to_all_filesystems"},{"reference_url":"https://github.com/gradle/native-platform/security/advisories/GHSA-2xxp-vw2f-p3x8","reference_id":"GHSA-2xxp-vw2f-p3x8","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T21:14:39Z/"}],"url":"https://github.com/gradle/native-platform/security/advisories/GHSA-2xxp-vw2f-p3x8"},{"reference_url":"https://github.com/gradle/gradle/security/advisories/GHSA-465q-w4mf-4f4r","reference_id":"GHSA-465q-w4mf-4f4r","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T21:14:39Z/"}],"url":"https://github.com/gradle/gradle/security/advisories/GHSA-465q-w4mf-4f4r"},{"reference_url":"https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336","reference_id":"GHSA-89qm-pxvm-p336","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T21:14:39Z/"}],"url":"https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336"},{"reference_url":"https://github.com/gradle/native-platform/blob/574dfe8d9fb546c990436468d617ab81c140871d/native-platform/src/main/java/net/rubygrapefruit/platform/internal/NativeLibraryLocator.java#L68-L78","reference_id":"NativeLibraryLocator.java#L68-L78","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T21:14:39Z/"}],"url":"https://github.com/gradle/native-platform/blob/574dfe8d9fb546c990436468d617ab81c140871d/native-platform/src/main/java/net/rubygrapefruit/platform/internal/NativeLibraryLocator.java#L68-L78"},{"reference_url":"https://en.wikipedia.org/wiki/Sticky_bit","reference_id":"Sticky_bit","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T21:14:39Z/"}],"url":"https://en.wikipedia.org/wiki/Sticky_bit"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97725?format=json","purl":"pkg:deb/debian/gradle@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97721?format=json","purl":"pkg:deb/debian/gradle@4.4.1-13?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y2mg-x2cw-nqaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97719?format=json","purl":"pkg:deb/debian/gradle@4.4.1-18?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-18%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97723?format=json","purl":"pkg:deb/debian/gradle@4.4.1-22?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-22%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97722?format=json","purl":"pkg:deb/debian/gradle@4.4.1-23?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-23%3Fdistro=trixie"}],"aliases":["CVE-2025-27148"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51xa-27mq-nudp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71617?format=json","vulnerability_id":"VCID-7vy8-pvmg-6yh6","summary":"ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6199.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6199.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6199","reference_id":"","reference_type":"","scores":[{"value":"0.02251","scoring_system":"epss","scoring_elements":"0.84894","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02251","scoring_system":"epss","scoring_elements":"0.84918","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02251","scoring_system":"epss","scoring_elements":"0.84923","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02251","scoring_system":"epss","scoring_elements":"0.84917","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02251","scoring_system":"epss","scoring_elements":"0.84907","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02251","scoring_system":"epss","scoring_elements":"0.84922","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6199"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1420339","reference_id":"1420339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1420339"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97720?format=json","purl":"pkg:deb/debian/gradle@2.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@2.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97721?format=json","purl":"pkg:deb/debian/gradle@4.4.1-13?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y2mg-x2cw-nqaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97719?format=json","purl":"pkg:deb/debian/gradle@4.4.1-18?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-18%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97723?format=json","purl":"pkg:deb/debian/gradle@4.4.1-22?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-22%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97722?format=json","purl":"pkg:deb/debian/gradle@4.4.1-23?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-23%3Fdistro=trixie"}],"aliases":["CVE-2016-6199"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vy8-pvmg-6yh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44563?format=json","vulnerability_id":"VCID-pytq-32rd-cuap","summary":"False Positive\nThis issue has been marked as a false positive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26053.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26053.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26053","reference_id":"","reference_type":"","scores":[{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71555","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71587","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71599","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71606","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71582","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71566","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26053"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/gradle/gradle/commit/bf3cc0f2b463033037e67aaacda31291643ea1a9","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T21:15:32Z/"}],"url":"https://github.com/gradle/gradle/commit/bf3cc0f2b463033037e67aaacda31291643ea1a9"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2174854","reference_id":"2174854","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2174854"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26053","reference_id":"CVE-2023-26053","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26053"},{"reference_url":"https://github.com/gradle/gradle/security/advisories/GHSA-c724-3xg7-g3hf","reference_id":"GHSA-c724-3xg7-g3hf","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T21:15:32Z/"}],"url":"https://github.com/gradle/gradle/security/advisories/GHSA-c724-3xg7-g3hf"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230413-0002/","reference_id":"ntap-20230413-0002","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T21:15:32Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230413-0002/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97725?format=json","purl":"pkg:deb/debian/gradle@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97721?format=json","purl":"pkg:deb/debian/gradle@4.4.1-13?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y2mg-x2cw-nqaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97719?format=json","purl":"pkg:deb/debian/gradle@4.4.1-18?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-18%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97723?format=json","purl":"pkg:deb/debian/gradle@4.4.1-22?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-22%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97722?format=json","purl":"pkg:deb/debian/gradle@4.4.1-23?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-23%3Fdistro=trixie"}],"aliases":["CVE-2023-26053","GHSA-c724-3xg7-g3hf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pytq-32rd-cuap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40895?format=json","vulnerability_id":"VCID-teg7-x1kk-2yfs","summary":"False Positive\nThis issue has been marked as a false positive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11065.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11065.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11065","reference_id":"","reference_type":"","scores":[{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57743","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57688","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57739","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57748","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57738","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57726","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11065"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11065","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11065"},{"reference_url":"https://github.com/gradle/gradle","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gradle/gradle"},{"reference_url":"https://github.com/gradle/gradle/pull/8927","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gradle/gradle/pull/8927"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVXOXNLAYRGPKAZV63PYNV3HF27JW2MW","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVXOXNLAYRGPKAZV63PYNV3HF27JW2MW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVXOXNLAYRGPKAZV63PYNV3HF27JW2MW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVXOXNLAYRGPKAZV63PYNV3HF27JW2MW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43P7SVDJOG6OUDVFR4ZIDITZLNHPGTO","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43P7SVDJOG6OUDVFR4ZIDITZLNHPGTO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43P7SVDJOG6OUDVFR4ZIDITZLNHPGTO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43P7SVDJOG6OUDVFR4ZIDITZLNHPGTO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQ5CGOV5QVQCSPGE3WRZDKUGIXLHSZDR","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQ5CGOV5QVQCSPGE3WRZDKUGIXLHSZDR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQ5CGOV5QVQCSPGE3WRZDKUGIXLHSZDR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQ5CGOV5QVQCSPGE3WRZDKUGIXLHSZDR/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1698508","reference_id":"1698508","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1698508"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926923","reference_id":"926923","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926923"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11065","reference_id":"CVE-2019-11065","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11065"},{"reference_url":"https://github.com/advisories/GHSA-pprq-4488-wgqx","reference_id":"GHSA-pprq-4488-wgqx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pprq-4488-wgqx"},{"reference_url":"https://usn.ubuntu.com/USN-4858-1/","reference_id":"USN-USN-4858-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4858-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97724?format=json","purl":"pkg:deb/debian/gradle@4.4.1-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97721?format=json","purl":"pkg:deb/debian/gradle@4.4.1-13?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y2mg-x2cw-nqaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97719?format=json","purl":"pkg:deb/debian/gradle@4.4.1-18?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-18%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97723?format=json","purl":"pkg:deb/debian/gradle@4.4.1-22?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-22%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97722?format=json","purl":"pkg:deb/debian/gradle@4.4.1-23?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-23%3Fdistro=trixie"}],"aliases":["CVE-2019-11065","GHSA-pprq-4488-wgqx"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-teg7-x1kk-2yfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5536?format=json","vulnerability_id":"VCID-u6kg-6chw-k7fx","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29427.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29427.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29427","reference_id":"","reference_type":"","scores":[{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68548","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68594","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68591","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68576","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68589","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68597","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29427"},{"reference_url":"https://docs.gradle.org/7.0/release-notes.html#security-advisories","reference_id":"","reference_type":"","scores":[],"url":"https://docs.gradle.org/7.0/release-notes.html#security-advisories"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949638","reference_id":"1949638","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949638"},{"reference_url":"https://security.archlinux.org/AVG-1809","reference_id":"AVG-1809","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1809"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29427","reference_id":"CVE-2021-29427","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29427"},{"reference_url":"https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395","reference_id":"GHSA-jvmj-rh6q-x395","reference_type":"","scores":[],"url":"https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4623","reference_id":"RHSA-2022:4623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4623"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97725?format=json","purl":"pkg:deb/debian/gradle@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97721?format=json","purl":"pkg:deb/debian/gradle@4.4.1-13?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y2mg-x2cw-nqaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97719?format=json","purl":"pkg:deb/debian/gradle@4.4.1-18?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-18%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97723?format=json","purl":"pkg:deb/debian/gradle@4.4.1-22?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-22%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97722?format=json","purl":"pkg:deb/debian/gradle@4.4.1-23?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-23%3Fdistro=trixie"}],"aliases":["CVE-2021-29427","GHSA-jvmj-rh6q-x395"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u6kg-6chw-k7fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71618?format=json","vulnerability_id":"VCID-vqmp-4bb3-syfn","summary":"Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This can occur in two ways. When signature verification is disabled but the verification metadata contains entries for dependencies that only have a `gpg` element but no `checksum` element. When signature verification is enabled, the verification metadata contains entries for dependencies with a `gpg` element but there is no signature file on the remote repository. In both cases, the verification will accept the dependency, skipping signature verification and not complaining that the dependency has no checksum entry. For builds that are vulnerable, there are two risks. Gradle could download a malicious binary from a repository outside your organization due to name squatting. For those still using HTTP only and not HTTPS for downloading dependencies, the build could download a malicious library instead of the expected one. Gradle 7.5 patches this issue by making sure to run checksum verification if signature verification cannot be completed, whatever the reason. Two workarounds are available: Remove all `gpg` elements from dependency verification metadata if you disable signature validation and/or avoid adding `gpg` entries for dependencies that do not have signature files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31156.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31156.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31156","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40994","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41022","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.4107","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41074","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41042","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41011","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31156"},{"reference_url":"https://docs.gradle.org/7.5/release-notes.html","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:29Z/"}],"url":"https://docs.gradle.org/7.5/release-notes.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239399","reference_id":"2239399","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239399"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31156","reference_id":"CVE-2022-31156","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31156"},{"reference_url":"https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j","reference_id":"GHSA-j6wc-xfg8-jx2j","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:29Z/"}],"url":"https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97725?format=json","purl":"pkg:deb/debian/gradle@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97721?format=json","purl":"pkg:deb/debian/gradle@4.4.1-13?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y2mg-x2cw-nqaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97719?format=json","purl":"pkg:deb/debian/gradle@4.4.1-18?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-18%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97723?format=json","purl":"pkg:deb/debian/gradle@4.4.1-22?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-22%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97722?format=json","purl":"pkg:deb/debian/gradle@4.4.1-23?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-23%3Fdistro=trixie"}],"aliases":["CVE-2022-31156","GHSA-j6wc-xfg8-jx2j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqmp-4bb3-syfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51815?format=json","vulnerability_id":"VCID-y2mg-x2cw-nqaz","summary":"False Positive\nThis issue has been marked as a false positive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16370.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16370.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16370","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36818","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36873","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36879","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36843","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36805","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36781","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16370","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16370"},{"reference_url":"https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f"},{"reference_url":"https://github.com/gradle/gradle/pull/10543","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gradle/gradle/pull/10543"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1758992","reference_id":"1758992","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1758992"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941186","reference_id":"941186","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941186"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16370","reference_id":"CVE-2019-16370","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16370"},{"reference_url":"https://github.com/advisories/GHSA-hhr2-f668-ff2w","reference_id":"GHSA-hhr2-f668-ff2w","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhr2-f668-ff2w"},{"reference_url":"https://usn.ubuntu.com/USN-4858-1/","reference_id":"USN-USN-4858-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4858-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97719?format=json","purl":"pkg:deb/debian/gradle@4.4.1-18?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-18%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97723?format=json","purl":"pkg:deb/debian/gradle@4.4.1-22?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-22%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97722?format=json","purl":"pkg:deb/debian/gradle@4.4.1-23?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-23%3Fdistro=trixie"}],"aliases":["CVE-2019-16370","GHSA-hhr2-f668-ff2w"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y2mg-x2cw-nqaz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gradle@4.4.1-23%3Fdistro=trixie"}