CVE-2021-32700

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32700
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32700.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-32700
Related
  • GHSA-f5qg-fqrw-v5ww
Published
2021-06-22T20:15:08Z
Modified
2025-01-15T01:56:25.466115Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 are exposed to a potential supply chain attack via MiTM against users. HTTP connections did not use TLS, and certificate checking was ignored. The vulnerability allows an attacker to substitute or modify packages retrieved from BC, and so to inject malicious code into Ballerina executables. This has been patched in Ballerina 1.2.14 and Ballerina SwanLake alpha4.

Affected packages

Git / github.com/ballerina-platform/ballerina-lang

Affected ranges

Type
GIT
Repo
https://github.com/ballerina-platform/ballerina-lang
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.8.0
v0.8.0-RC2
v0.8.2-RC1
v0.84
v0.85
v0.86
v0.87
v0.88
v0.89
v0.90
v0.91
v0.92
v0.93
v0.94.0-M1
v0.95.0
v0.95.7
v0.95.8
v0.96.0
v0.961.0
v0.963.0
v0.964.0
v0.970.0
v0.970.0-SNAPSHOT.180329212739
v0.970.0-SNAPSHOT.1803302831
v0.970.0-alpha0
v0.970.0-alpha2
v0.970.0-alpha3
v0.970.0-alpha4
v0.970.0-alpha5
v0.970.0-beta0
v0.970.0-beta1
v0.970.0-beta10
v0.970.0-beta11
v0.970.0-beta12
v0.970.0-beta13
v0.970.0-beta14
v0.970.0-beta15
v0.970.0-beta16
v0.970.0-beta17
v0.970.0-beta18
v0.970.0-beta19
v0.970.0-beta3
v0.970.0-beta4
v0.970.0-beta5
v0.970.0-beta6
v0.970.0-beta7
v0.970.0-beta8
v0.970.0-beta9
v0.970.0-rc1
v0.970.1
v0.971.0
v0.972.0
v0.973.0
v0.974.0
v0.975.0
v0.976.0
v0.980.0
v0.980.1
v0.981.0
v0.981.1
v0.982.0
v0.983.0
v0.990.0
v0.990.1
v0.990.2
v0.990.3
v0.992.0-m1
v0.992.0-m4
v0.992.0-m5

v1.*

v1.0.0
v1.0.0-alpha
v1.0.0-alpha2
v1.0.0-alpha3
v1.0.0-beta
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.1.0-alpha
v1.1.0-beta
v1.1.0-beta2
v1.2.0
v1.2.1
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9