CVE-2019-3801

Source
https://cve.org/CVERecord?id=CVE-2019-3801
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3801.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3801
Published
2019-04-25T21:29:00.823Z
Modified
2026-04-10T04:18:06.879170Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Cloud Foundry cf-deployment, versions prior to 7.9.0, contains Java components that use an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency and inject malicious code into the component.

References

Affected packages

Git / github.com/cloudfoundry/cf-deployment

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/cf-deployment
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.9.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "64.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/pivotal/credhub-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "1.9"
        },
        {
            "fixed": "1.9.10"
        },
        {
            "introduced": "2.1"
        },
        {
            "fixed": "2.1.3"
        }
    ]
}

Affected versions

1.*
1.7.9
1.9.8
1.9.9
2.*
2.0.4
2.1.0
2.1.1
2.1.2
2.1.3
Other
ci-upgrade
v10
v11
v12
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v3
v31
v53
v55
v56
v57
v58
v59
v6
v60
v7
v8
v9
v0.*
v0.0.0
v0.0.1
v0.0.2
v0.1.0
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.2.0
v0.2.1
v0.2.2
v0.28.0
v0.29.0
v0.3.0
v0.30.0
v0.31.0
v0.32.0
v0.33.0
v0.34.0
v0.35.0
v0.36.0
v0.37.0
v0.5.0
v0.7.0
v0.8.0
v0.9.0
v0.9.1
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.29.0
v1.3.0
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.34.0
v1.35.0
v1.36.0
v1.37.0
v1.38.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0
v12.*
v12.3
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.5.0
v3.*
v3.0.0
v3.1.0
v3.2.0
v3.3.0
v3.4.0
v3.5.0
v3.6.0
v4.*
v4.0.0
v4.1.0
v4.2.0
v4.3.0
v4.4.0
v4.5.0
v5.*
v5.0.0
v5.1.0
v5.3.0
v5.4.0
v5.5.0
v6.*
v6.0.0
v6.1.0
v6.10.0
v6.2.0
v6.3.0
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.9.0
v61.*
v61.0
v62.*
v62.0
v63.*
v63.0
v7.*
v7.0.0
v7.1.0
v7.2.0
v7.3.0
v7.4.0
v7.5.0
v7.6.0
v7.8.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3801.json"