CVE-2019-17560

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-17560

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17560.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-17560

Aliases

GHSA-7c2m-vwxw-5qww

Downstream

DEBIAN-CVE-2019-17560

UBUNTU-CVE-2019-17560

Published

2020-03-30T19:15:15Z

Modified

2025-10-14T16:54:15.812798Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

References

Affected packages

Git / github.com/apache/netbeans

Affected ranges

Type: GIT
Repo: https://github.com/apache/netbeans
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d04fb24027334c4b6fd8397b5d0cdd33187a8f54

Type: GIT
Repo: https://github.com/graalvm/graalvm-ce-builds
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1ebb60f5d73c0a82424003ee6ff22fb7bf163efe

Last affected

6c1e8e199e171761b388b0f15afadfba0b552abc

Affected versions

11.*

11.2

11.2-beta1

11.2-beta2

11.2-beta3

11.2-vc1

9.*

9.0-alpha-rc2

9.0-beta-rc1

9.0-beta-rc2

9.0-beta-rc3

9.0-rc1-rc1

vm-19.*

vm-19.3.2

vm-19.3.2-pre

vm-20.*

vm-20.0.1

vm-20.1.0