Google Bazel
By the Year
In 2023 there have been 0 vulnerabilities in Google Bazel. Last year Bazel had 1 security vulnerability published. Right now, Bazel is on track to have fewer security vulnerabilities in 2023 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 1 | 4.30 |
2021 | 1 | 7.80 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Bazel vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Google Bazel Security Vulnerabilities
Bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests
CVE-2022-3474
4.3 - Medium
October 26, 2022
Bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the ones required for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3.
Insufficiently Protected Credentials
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable
CVE-2021-22539
7.8 - High
April 16, 2021
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. vscode-bazel allows the workspace path used to lint *.bzl files to be set via this config file. As such, the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above.
Exposure of Resource to Wrong Sphere
