Gradle Completion
Arbitrary code execution in gradle-completion versions up to 9.3.0 occurs when users perform Bash tab completion in directories with malicious Gradle build files, as the script fails to sanitize task names and descriptions. A local attacker can inject shell commands through backticks in task descriptions, which are executed automatically during completion without requiring the user to run any Gradle tasks. The vulnerability affects developers using Gradle with bash completion enabled.
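The failure mode described above, as an added example that is not gradle-completion's own code: a minimal completion helper that derives task names from `gradle tasks`-style output. The output format, the SAMPLE_TASKS text and the function names are constructed for the demo. The first function shows how re-parsing untrusted text with eval lets a backtick in a description run during completion; the second treats the same text strictly as data and whitelists task names before they reach compgen.

```bash
#!/usr/bin/env bash
# Added example, not gradle-completion's code. The task listing format and the
# sample text below are constructed; real `gradle tasks` output differs.

# Constructed sample output. The third description carries a backtick command
# substitution, the pattern the advisory describes. The embedded command is a
# harmless echo so the demo only shows whether expansion happened.
SAMPLE_TASKS='build - Assembles and tests this project.
clean - Deletes the build directory.
evil - Description with `echo CANARY` inside.'

# Unsafe pattern (constructed to mirror the advisory's failure mode): passing
# the raw line back through eval makes the shell re-parse it, so the backticks
# in the description execute as a command while the user is only tab-completing.
unsafe_descriptions() {
    local line expanded
    while IFS= read -r line; do
        eval "expanded=\"$line\""   # BUG: untrusted text goes through the parser
        printf '%s\n' "$expanded"
    done <<< "$SAMPLE_TASKS"
}

# Hardened pattern: treat the listing as data only. read -r keeps backslashes
# literal, parameter expansion strips the description without re-parsing, and a
# strict whitelist drops anything that is not a plausible task name (letters,
# digits, '_', '.', ':' and '-'). Descriptions never reach the completer at all.
safe_task_names() {
    local line name
    while IFS= read -r line; do
        name=${line%% - *}              # text before " - " is the task name
        [[ $name =~ ^[A-Za-z0-9_.:-]+$ ]] || continue
        printf '%s\n' "$name"
    done <<< "$SAMPLE_TASKS"
}

# Completion-style usage. Note that compgen -W expands each word (including
# command substitution), which is exactly why only whitelisted names may be
# handed to it; the sanitized list above cannot contain backticks or $(...).
complete_gradle_demo() {
    local cur=$1
    compgen -W "$(safe_task_names)" -- "$cur"
}
```

Running `complete_gradle_demo cl` yields `clean`, while `unsafe_descriptions` prints the third line with `CANARY` already substituted in, showing that the command ran merely by being parsed.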