CVE-2019-11404

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-11404

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11404.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-11404

Aliases

GHSA-rcj2-vvjx-87pm

Published

2019-04-22T11:29:04Z

Modified

2024-05-14T06:42:22.071097Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.

References

Affected packages

Git / github.com/arrow-kt/arrow

Affected ranges

Type: GIT
Repo: https://github.com/arrow-kt/arrow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

74198dab522393487d5344f194dc21208ab71ae8

Affected versions

0.*

0.2.5

0.3.10

0.3.11

0.3.2

0.3.3

0.3.4

0.3.5

0.3.8

0.3.9

0.4.0

0.6.0

0.6.1

0.7.0

0.7.1

0.7.2

0.7.3

0.8.0

0.8.1

0.8.2

v0.*

v0.2

v0.2.6

v0.2.7

v0.3.0

v0.3.1