{"id":"CVE-2019-16370","details":"The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.","aliases":["GHSA-hhr2-f668-ff2w"],"modified":"2026-03-20T11:29:29.190050Z","published":"2019-09-16T18:15:12.190Z","related":["openSUSE-SU-2024:10817-1"],"references":[{"type":"FIX","url":"https://github.com/gradle/gradle/pull/10543"},{"type":"FIX","url":"https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gradle/gradle","events":[{"introduced":"0"},{"fixed":"0a5b531749138f2f983f7c888fa7790bfc52d88a"},{"fixed":"425b2b7a50cd84106a77cdf1ab665c89c6b14d2f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.0"}]}}],"versions":["REL-0.8","REL-0.9-preview-1","REL-0.9-preview-2","REL-0.9-preview-3","REL-0.9-rc-1","REL_0.9","REL_0.9-rc-2","REL_0.9-rc-3","REL_0.9.1","REL_0.9.2","REL_1.0","REL_1.0-milestone-1","REL_1.0-milestone-2","REL_1.0-milestone-3","REL_1.0-milestone-4","REL_1.0-milestone-5","REL_1.0-milestone-6","REL_1.0-milestone-7","REL_1.0-milestone-8","REL_1.0-milestone-8a","REL_1.0-milestone-9","REL_1.0-rc-1","REL_1.0-rc-2","REL_1.0-rc-3","REL_1.1","REL_1.1-rc-1","REL_1.1-rc-2","REL_1.10","REL_1.10-rc-1","REL_1.10-rc-2","REL_1.11","REL_1.11-rc-1","REL_1.12","REL_1.12-rc-1","REL_1.12-rc-2","REL_1.2","REL_1.2-rc-1","REL_1.3","REL_1.3-rc-1","REL_1.3-rc-2","REL_1.4","REL_1.4-rc-1","REL_1.4-rc-2","REL_1.4-rc-3","REL_1.5","REL_1.5-rc-1","REL_1.5-rc-2","REL_1.5-rc-3","REL_1.6","REL_1.6-rc-1","REL_1.7","REL_1.7-rc-1","REL_1.7-rc-2","REL_1.8","REL_1.8-rc-1","REL_1.8-rc-2","REL_1.9","REL_1.9-rc-1","REL_1.9-rc-2","REL_1.9-rc-3","REL_1.9-rc-4","REL_2.0","REL_2.0-rc-1","REL_2.0-rc-2","REL_2.1","REL_2.1-rc-1","REL_2.1-rc-2","REL_2.1-rc-3","REL_2.1-rc-4","REL_2.10","REL_2.10-rc-1","REL_2.10-rc-2","REL_2.11","REL_2.11-rc-1","REL_2.11-rc-2","REL_2.11-rc-3","REL_2.12","REL_2.12-rc-1","REL_2.13","REL_2.13-rc-1","REL_2.13-rc-2","REL_2.14","REL_2.14-rc-1","REL_2.14-rc-2","REL_2.14-rc-3","REL_2.14-rc-4","REL_2.14-rc-5","REL_2.14-rc-6","REL_2.14.1","REL_2.14.1-rc-1","REL_2.14.1-rc-2","REL_2.2","REL_2.2-rc-1","REL_2.2-rc-2","REL_2.2.1","REL_2.2.1-rc-1","REL_2.3","REL_2.3-rc-1","REL_2.3-rc-2","REL_2.3-rc-3","REL_2.3-rc-4","REL_2.4","REL_2.4-rc-1","REL_2.4-rc-2","REL_2.5","REL_2.5-rc-1","REL_2.5-rc-2","REL_2.6","REL_2.6-rc-1","REL_2.6-rc-2","REL_2.7","REL_2.7-rc-1","REL_2.7-rc-2","REL_2.8","REL_2.8-rc-1","REL_2.8-rc-2","REL_2.9","REL_2.9-rc-1","REL_3.0","REL_3.0-milestone-1","REL_3.0-milestone-2","REL_3.0-rc-1","REL_3.0-rc-2","REL_3.1","REL_3.1-rc-1","REL_3.2","REL_3.2-rc-1","REL_3.2-rc-2","REL_3.2-rc-3","REL_3.2.1","REL_3.3","REL_3.3-rc-1","REL_3.4","REL_3.4-rc-2","REL_3.4-rc-3","REL_3.4.1","REL_3.5","REL_3.5-rc-1","REL_3.5-rc-2","REL_3.5-rc-3","REL_3.5.1","REL_4.0","REL_4.0-milestone-1","REL_4.0-milestone-2","REL_4.0-rc-1","REL_4.0-rc-2","REL_4.0-rc-3","REL_4.0.1","REL_4.0.2","REL_4.1","REL_4.1-milestone-1","REL_4.1-rc-1","REL_4.1-rc-2","REL_4.2","REL_4.2-rc-1","REL_4.2-rc-2","REL_4.2.1","REL_4.3","REL_4.3-rc-1","REL_4.3-rc-2","REL_4.3-rc-3","REL_4.3-rc-4","REL_4.3.1","REL_4.4","REL_4.4-rc-1","REL_4.4-rc-2","REL_4.4-rc-3","REL_4.4-rc-4","REL_4.4-rc-5","REL_4.4-rc-6","v0.8","v0.8.0","v0.9","v0.9-RC1","v0.9-RC2","v0.9-RC3","v0.9.0","v0.9.0-RC1","v0.9.0-RC2","v0.9.0-RC3","v0.9.1","v0.9.2","v1.0","v1.0-M1","v1.0-M2","v1.0-M3","v1.0-M4","v1.0-M5","v1.0-M6","v1.0-M7","v1.0-M8","v1.0-M8a","v1.0-M9","v1.0-RC1","v1.0-RC2","v1.0-RC3","v1.0.0","v1.0.0-M1","v1.0.0-M2","v1.0.0-M3","v1.0.0-M4","v1.0.0-M5","v1.0.0-M6","v1.0.0-M7","v1.0.0-M8","v1.0.0-M8a","v1.0.0-M9","v1.0.0-RC1","v1.0.0-RC2","v1.0.0-RC3","v1.1","v1.1-RC1","v1.1-RC2","v1.1.0","v1.1.0-RC1","v1.1.0-RC2","v1.10","v1.10-RC1","v1.10-RC2","v1.10.0","v1.10.0-RC1","v1.10.0-RC2","v1.11","v1.11-RC1","v1.11.0","v1.11.0-RC1","v1.12","v1.12-RC1","v1.12-RC2","v1.12.0","v1.12.0-RC1","v1.12.0-RC2","v1.2","v1.2-RC1","v1.2.0","v1.2.0-RC1","v1.3","v1.3-RC1","v1.3-RC2","v1.3.0","v1.3.0-RC1","v1.3.0-RC2","v1.4","v1.4-RC1","v1.4-RC2","v1.4-RC3","v1.4.0","v1.4.0-RC1","v1.4.0-RC2","v1.4.0-RC3","v1.5","v1.5-RC1","v1.5-RC2","v1.5-RC3","v1.5.0","v1.5.0-RC1","v1.5.0-RC2","v1.5.0-RC3","v1.6","v1.6-RC1","v1.6.0","v1.6.0-RC1","v1.7","v1.7-RC1","v1.7-RC2","v1.7.0","v1.7.0-RC1","v1.7.0-RC2","v1.8","v1.8-RC1","v1.8-RC2","v1.8.0","v1.8.0-RC1","v1.8.0-RC2","v1.9","v1.9-RC1","v1.9-RC2","v1.9-RC3","v1.9-RC4","v1.9.0","v1.9.0-RC1","v1.9.0-RC2","v1.9.0-RC3","v1.9.0-RC4","v2.0","v2.0-RC1","v2.0-RC2","v2.0.0","v2.0.0-RC1","v2.0.0-RC2","v2.1","v2.1-RC1","v2.1-RC2","v2.1-RC3","v2.1-RC4","v2.1.0","v2.1.0-RC1","v2.1.0-RC2","v2.1.0-RC3","v2.1.0-RC4","v2.10","v2.10-RC1","v2.10-RC2","v2.10.0","v2.10.0-RC1","v2.10.0-RC2","v2.11","v2.11-RC1","v2.11-RC2","v2.11-RC3","v2.11.0","v2.11.0-RC1","v2.11.0-RC2","v2.11.0-RC3","v2.12","v2.12-RC1","v2.12.0","v2.12.0-RC1","v2.13","v2.13-RC1","v2.13-RC2","v2.13.0","v2.13.0-RC1","v2.13.0-RC2","v2.14","v2.14-RC1","v2.14-RC2","v2.14-RC3","v2.14-RC4","v2.14-RC5","v2.14-RC6","v2.14.0","v2.14.0-RC1","v2.14.0-RC2","v2.14.0-RC3","v2.14.0-RC4","v2.14.0-RC5","v2.14.0-RC6","v2.14.1","v2.14.1-RC1","v2.14.1-RC2","v2.2","v2.2-RC1","v2.2-RC2","v2.2.0","v2.2.0-RC1","v2.2.0-RC2","v2.2.1","v2.2.1-RC1","v2.3","v2.3-RC1","v2.3-RC2","v2.3-RC3","v2.3-RC4","v2.3.0","v2.3.0-RC1","v2.3.0-RC2","v2.3.0-RC3","v2.3.0-RC4","v2.4","v2.4-RC1","v2.4-RC2","v2.4.0","v2.4.0-RC1","v2.4.0-RC2","v2.5","v2.5-RC1","v2.5-RC2","v2.5.0","v2.5.0-RC1","v2.5.0-RC2","v2.6","v2.6-RC1","v2.6-RC2","v2.6.0","v2.6.0-RC1","v2.6.0-RC2","v2.7","v2.7-RC1","v2.7-RC2","v2.7.0","v2.7.0-RC1","v2.7.0-RC2","v2.8","v2.8-RC1","v2.8-RC2","v2.8.0","v2.8.0-RC1","v2.8.0-RC2","v2.9","v2.9-RC1","v2.9.0","v2.9.0-RC1","v3.0.0","v3.0.0-M1","v3.0.0-M2","v3.0.0-RC1","v3.0.0-RC2","v3.1.0","v3.1.0-RC1","v3.2.0","v3.2.0-RC1","v3.2.0-RC2","v3.2.0-RC3","v3.2.1","v3.3.0","v3.3.0-RC1","v3.4.0","v3.4.0-RC1","v3.4.0-RC2","v3.4.0-RC3","v3.4.1","v3.5.0","v3.5.0-RC1","v3.5.0-RC2","v3.5.0-RC3","v3.5.1","v4.0.0","v4.0.0-M1","v4.0.0-M2","v4.0.0-RC1","v4.0.0-RC2","v4.0.0-RC3","v4.0.0-milestone-1","v4.0.1","v4.0.2","v4.1.0","v4.1.0-M1","v4.1.0-RC1","v4.1.0-RC2","v4.10.0","v4.10.0-RC1","v4.10.0-RC2","v4.10.0-RC3","v4.10.1","v4.10.2","v4.2.0","v4.2.0-RC1","v4.2.0-RC2","v4.2.1","v4.3.0","v4.3.0-RC1","v4.3.0-RC2","v4.3.0-RC3","v4.3.0-RC4","v4.3.1","v4.4.0","v4.4.0-RC1","v4.4.0-RC2","v4.4.0-RC3","v4.4.0-RC4","v4.4.0-RC5","v4.4.0-RC6","v4.4.1","v4.5.0","v4.5.0-RC1","v4.5.0-RC2","v4.5.1","v4.6.0","v4.6.0-RC1","v4.6.0-RC2","v4.7.0","v4.7.0-RC1","v4.7.0-RC2","v4.8.0","v4.8.0-RC1","v4.8.0-RC2","v4.8.0-RC3","v4.8.1","v4.9.0","v4.9.0-RC1","v4.9.0-RC2","v5.0.0","v5.0.0-M1","v5.0.0-RC1","v5.0.0-RC2","v5.0.0-RC3","v5.0.0-RC4","v5.0.0-RC5","v5.1.0","v5.1.0-M1","v5.1.0-RC1","v5.1.0-RC2","v5.1.0-RC3","v5.1.1","v5.2.0","v5.2.0-RC1","v5.2.1","v5.3.0","v5.3.0-RC1","v5.3.0-RC2","v5.3.0-RC3","v5.3.1","v5.4.0","v5.4.0-RC1","v5.4.1","v5.5.0","v5.5.0-RC1","v5.5.0-RC2","v5.5.0-RC3","v5.5.0-RC4","v5.5.1","v5.6.0","v5.6.0-RC1","v5.6.0-RC2","v5.6.1","v5.6.2","v5.6.3","v5.6.4","v6.0.0-RC1","v6.0.0-RC2","v6.0.0-RC3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16370.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}