CVE-ID
------
CVE-2020-11986

Summary
-------
Opening a Gradle project with Apache NetBeans executes foreign script immediately

Versions Affected:
------------------
- All Apache NetBeans versions up to and including 12.0
- NetBeans releases before the Apache transition started may also be affected

Description:
------------
To be able to analyse a Gradle project, the build script needs to be executed. Apache NetBeans follows this pattern and does not allow the user to intercept/prevent the execution.

Mitigation:
-----------
- Only open trusted Gradle projects with NetBeans
- Update to NetBeans 12.0-u1

Credit:
-------
The problem was identified by Emilian Bold
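Added example (not part of the original advisory and not NetBeans code): a pre-open review helper for the first mitigation, listing what in a checkout Gradle would evaluate as code when the project is loaded. The function names, the trusted-host set and the assumption that the project's Gradle wrapper is used are choices made for this example.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Gradle script names (Groovy and Kotlin DSL); matching is by file name only.
SCRIPT_RE = re.compile(r".*\.gradle(\.kts)?$")
# Assumption for this example: only the official distribution host is trusted.
TRUSTED_WRAPPER_HOSTS = {"services.gradle.org"}


def wrapper_host(props: Path):
    """Return the host in distributionUrl, or None if the key is absent."""
    for line in props.read_text(errors="replace").splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "distributionUrl":
            # .properties files escape ':' as '\:'
            return urlparse(value.strip().replace("\\:", ":")).hostname
    return None


def review_list(root):
    """List what runs as code if this directory is loaded as a Gradle project."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and SCRIPT_RE.match(path.name):
            findings.append(("build-script", rel))
        elif path.is_dir() and path.name == "buildSrc":
            # buildSrc is compiled and run before the build scripts themselves
            findings.append(("buildSrc", rel))
        elif rel.endswith("gradle/wrapper/gradle-wrapper.properties"):
            host = wrapper_host(path)
            if host not in TRUSTED_WRAPPER_HOSTS:
                findings.append(("wrapper-host", f"{rel} -> {host}"))
    return findings


if __name__ == "__main__":
    import sys
    for kind, detail in review_list(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind:13} {detail}")
```

Run it against a checkout before opening it in the IDE; every listed file should be read, or the source trusted, first.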
