CVE-2019-16370

Published September 16th, 2019

View on NVD ↗

CVSS v3

5.9

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.

gradle/gradle

Adaptable, fast automation for all

GitHub

18.7K