The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-16T17:50:28

Updated: 2024-08-05T01:10:41.829Z

Reserved: 2019-09-16T00:00:00

Link: CVE-2019-16370

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-09-16T18:15:12.190

Modified: 2024-11-21T04:30:35.267

Link: CVE-2019-16370

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-09-16T00:00:00Z

Links: CVE-2019-16370 - Bugzilla