Main Vulnerability Database Vulnerabilities #VU76159

OS Command Injection in gradle - CVE-2021-32751

Published: May 15, 2023

Vulnerability identifier: #VU76159

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-32751

CWE-ID: CWE-78

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
gradle

Software vendor:
Gradle

Description

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A local user who can modify environment variables is able to execute arbitrary OS commands when executing the "gradlew build" command or start scripts.

Remediation

Install updates from vendor's website.

External links

https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8
https://mywiki.wooledge.org/BashFAQ/048
https://medium.com/dot-debug/the-perils-of-bash-eval-cc5f9e309cae

OS Command Injection in gradle - CVE-2021-32751

Description

Remediation

External links

Please verify you're human