A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor (with certain credentials) can perform a registration step such that crafted TAR archives lead to extraction of files into arbitrary filesystem locations.
References
Link | Resource |
---|---|
https://security.gradle.com/advisory/CVE-2021-26719 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-09T13:43:49
Updated: 2021-02-09T13:43:49
Reserved: 2021-02-05T00:00:00
Link: CVE-2021-26719
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-09T14:15:17.577
Modified: 2021-02-12T19:37:01.247
Link: CVE-2021-26719
JSON object: View
Redhat Information
No data.
CWE