oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

[CVE-2020-11986] Opening a Gradle project with Apache NetBeans executes foreign script immediately

From: Matthias Bläsing <mblaesing () doppel-helix eu>
Date: Mon, 07 Sep 2020 16:28:14 +0200
CVE-ID
------
CVE-2020-11986

Summary
-------
Opening a Gradle project with Apache NetBeans executes foreign script
immediately

Versions Affected: 
------------------
- All Apache NetBeans versions up to and including 12.0
- NetBeans releases before the Apache transition started may be
  also affected

Description:
------------
To be able to analyse a gradle project, the build script needs to be
executed.
Apache NetBeans follows this pattern and does not allow the user to
intercept/prevent the execution.

Mitigation:
-----------
- Only open trusted gradle projects with NetBeans
- Update to NetBeans 12.0-u1

Credit:
-------
The problem was identified by Emilian Bold

Attachment: signature.asc
Description: This is a digitally signed message part

Previous By Date Next
Previous By Thread Next

Current thread: