Low
CVE-2024-5899
When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the meth…
Tag: Bazel
All CVEs associated with "Bazel". Page 1/1 • 3 CVEs.
About “Bazel”
A curated feed of “Bazel”-related CVEs appears below. We currently track 3 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 5.3 (all time), and 33% are rated High/Critical (all time). Top CWEs (all time): CWE-862 - Missing Authorization, CWE-522 - Insufficiently Protected Credentials, CWE-73 - External Control of File Name or Path.
In our taxonomy this topic maps to a LOW impact class. Developer and CI or CD tooling touches supply chains and secrets. Patch controllers and agents, enforce SSO or MFA, rotate tokens, isolate runners, and audit plugins. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: bazel
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | Premier Support | EOL | LTS |
|---|---|---|---|---|---|
| 9 | 9.1.0 | Unavailable | LTS | ||
| 8 | 8.7.0 | LTS | |||
| 7 | 7.7.1 | LTS | |||
| 6 | 6.6.0 | Expired | LTS | ||
| 5 | 5.4.1 | Expired | LTS | ||
| 4 | 4.2.4 | Expired | LTS |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS · RSS (expired) · ICS
Subscribe CVEs: RSS for “Bazel” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-06-18
2022-10-26
Medium
CVE-2022-3474
A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upg…
2021-04-16
High
CVE-2021-22539
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As…