CVE-2019-17561

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-17561
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17561.json
Aliases
Published
2020-03-30T19:15:15Z
Modified
2023-11-29T07:18:46.064637Z
Details

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

References

Affected packages

Git / github.com/apache/netbeans

Affected ranges

Type
GIT
Repo
https://github.com/apache/netbeans
Events
Introduced
0The exact introduced commit is unknown
Last affected
d04fb24027334c4b6fd8397b5d0cdd33187a8f54
Type
GIT
Repo
https://github.com/graalvm/graalvm-ce-builds
Events
Introduced
0The exact introduced commit is unknown
Last affected
6c1e8e199e171761b388b0f15afadfba0b552abc
Last affected
1ebb60f5d73c0a82424003ee6ff22fb7bf163efe

Affected versions

11.*

11.2
11.2-beta1
11.2-beta2
11.2-beta3
11.2-vc1

9.*

9.0-alpha-rc2
9.0-beta-rc1
9.0-beta-rc2
9.0-beta-rc3
9.0-rc1-rc1

vm-19.*

vm-19.3.2-pre