Unverified Commit 220bfa96 authored by Emily's avatar Emily Committed by GitHub

gradle_6: mark very insecure (#352236)

parents 52a9f203 161e9a32
+12 −2
@@ -23,7 +23,11 @@ rec {
        "x86_64-darwin"
        "x86_64-linux"
        "x86_64-windows"
      ]
      ],

      # Extra attributes to be merged into the resulting derivation's
      # meta attribute.
      meta ? {}
    }:

    { lib
@@ -172,7 +176,7 @@ rec {
        license = licenses.asl20;
        maintainers = with maintainers; [ lorenzleutgeb liff ];
        mainProgram = "gradle";
      };
      } // meta;
    });

  # NOTE: Default JDKs that are hardcoded below must be LTS versions
@@ -195,6 +199,12 @@ rec {
    version = "6.9.4";
    hash = "sha256-PiQCKFON6fGHcqV06ZoLqVnoPW7zUQFDgazZYxeBOJo=";
    defaultJava = jdk11;
    meta.knownVulnerabilities = [
      "CVE-2021-29429: '[...]files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle[...]'"
      "CVE-2021-29427: '[...]there is a vulnerability which can lead to information disclosure and/or dependency poisoning[...] In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file.'"
      "CVE-2021-29428: '[...]the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory.'"
      "CVE-2021-32751: '[...]start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script[...]'"
    ];
  };

  wrapGradle = {
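Review bot: The four `meta.knownVulnerabilities` entries quote advisory text but name no fixed release and no advisory reference, so a user who hits the resulting "marked as insecure" evaluation error learns what is wrong but not which Gradle version to move to. Consider ending the list with one entry stating the upgrade path, e.g. `"Fixed upstream in Gradle <FIXED VERSION>; see <UPSTREAM ADVISORY URL> — upgrade to a newer gradle attribute instead of permitting this package."`, with the version and link taken from the upstream advisories. Since these entries are what the allow/permit decision is based on, it is also worth a short comment above the list noting that gradle_6 receives no further security fixes and that the list is the reason the package now requires explicit opt-in. The `gradle_6` attribute set these lines belong to begins above the hunk.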