Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gradle | Gradle | 1.4 | 5.3.1 |