oss-sec mailing list archives
[CVE-2020-11986] Opening a Gradle project with Apache NetBeans executes foreign script immediately
From: Matthias Bläsing <mblaesing () doppel-helix eu>
Date: Mon, 07 Sep 2020 16:28:14 +0200
CVE-ID
------
CVE-2020-11986

Summary
-------
Opening a Gradle project with Apache NetBeans executes foreign script immediately

Versions Affected:
------------------
- All Apache NetBeans versions up to and including 12.0
- NetBeans releases before the Apache transition started may also be affected

Description:
------------
To be able to analyse a Gradle project, the build script needs to be executed. Apache NetBeans follows this pattern and does not allow the user to intercept/prevent the execution.

Mitigation:
-----------
- Only open trusted Gradle projects with NetBeans
- Update to NetBeans 12.0-u1

Credit:
-------
The problem was identified by Emilian Bold
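As an aid to the "only open trusted Gradle projects" mitigation above, the following added example (not part of the original advisory and not NetBeans or Gradle project code) lists the Gradle scripts in a checkout and flags lines worth reading before the project is opened in an IDE. The function names and the pattern list are assumptions made for this sketch; the patterns are heuristics for manual review and a clean result does not establish that a project is safe.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns (assumptions chosen for this example, not a complete list):
# constructs that let a Gradle script run commands or pull in remote code.
SUSPICIOUS = {
    "process execution": re.compile(r"\.execute\s*\(|\bexec\s*\{|ProcessBuilder|Runtime\.getRuntime"),
    "remote script": re.compile(r"apply\s*\(?\s*from\s*[:=]\s*['\"]https?://"),
    "network access": re.compile(r"new\s+URL\s*\(|\.openConnection\s*\("),
}

def gradle_scripts(project_dir):
    """Return Gradle script files (Groovy and Kotlin DSL) found under project_dir."""
    root = Path(project_dir)
    found = set(root.rglob("*.gradle")) | set(root.rglob("*.gradle.kts"))
    return sorted(p for p in found if p.is_file())

def triage(project_dir):
    """Return (relative path, line number, label, text) for each heuristic hit."""
    root = Path(project_dir)
    hits = []
    for script in gradle_scripts(root):
        text = script.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for label, pattern in SUSPICIOUS.items():
                if pattern.search(line):
                    hits.append((script.relative_to(root).as_posix(), lineno, label, line.strip()))
    return hits

def demo():
    """Build a constructed sample project in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "settings.gradle").write_text("rootProject.name = 'sample'\n")
        (root / "build.gradle").write_text(
            "plugins { id 'java' }\n"
            "// constructed sample: top-level statement, runs when the script is evaluated\n"
            "def rev = 'git rev-parse HEAD'.execute().text.trim()\n"
        )
        (root / "sub").mkdir()
        (root / "sub" / "build.gradle.kts").write_text(
            'apply(from = "https://example.invalid/extra.gradle")\n'
        )
        return triage(root)

if __name__ == "__main__":
    for path, lineno, label, line in demo():
        print(f"{path}:{lineno}: {label}: {line}")
```

The `git rev-parse` line in the sample is a common, legitimate build-script idiom, which is why each hit is a prompt to read the script rather than a verdict.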