CVE-2019-11404

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-11404

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11404.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-11404

Aliases

GHSA-rcj2-vvjx-87pm

Published

2019-04-22T11:29:04.580Z

Modified

2026-02-13T01:38:56.894730Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.

References

Affected packages

Git / github.com/arrow-kt/arrow

Affected ranges

Type: GIT
Repo: https://github.com/arrow-kt/arrow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

617af4cda1897741c8a7c6387695028176b48a4f

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

74198dab522393487d5344f194dc21208ab71ae8

Affected versions

0.*

0.2.5

0.3.10

0.3.11

0.3.2

0.3.3

0.3.4

0.3.5

0.3.8

0.3.9

0.4.0

0.6.0

0.6.1

0.7.0

0.7.1

0.7.2

0.7.3

0.8.0

0.8.1

0.8.2

v0.*

v0.2

v0.2.6

v0.2.7

v0.3.0

v0.3.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11404.json"