org.gradle:gradle-tooling-api@7.3-20210825160000+0000 vulnerabilities
latest version
7.3-20210825160000+0000
first published
3 years ago
latest version published
3 years ago
licenses detected
- [7.3-20210825160000+0000,)
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.gradle:gradle-tooling-api package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) that allows files to be written into an unintended location outside the provided Tar unpack location. It also allows reading files outside the intended Tar archive location. An attacker in control of an archive already used by the build or the relevant build configuration can exploit this. It is unlikely that this would go unnoticed. This Zip Slip variant may also be called "Tar Slip". How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? A fix was pushed into the | [0,) |