Skip to content

Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious `distributionUrl`

Moderate severity GitHub Reviewed Published Jan 13, 2026 in renovatebot/renovate

No open alerts for this advisory

Give feedback on Dependabot alerts