GHSA-cf8q-j9h3-7237

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cf8q-j9h3-7237/GHSA-cf8q-j9h3-7237.json

Aliases

CVE-2019-17561

Published

2022-05-24T17:12:56Z

Modified

2023-04-11T01:43:44.376505Z

Details

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. NetBeans releases before the Apache transition started may also be affected.

References

https://nvd.nist.gov/vuln/detail/CVE-2019-17561
https://lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3E
https://www.oracle.com/security-alerts/cpujul2020.html

Affected packages

Maven / org.codehaus.mevenide:netbeans

org.codehaus.mevenide:netbeans

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Last affected

3.1.4

Affected versions

1.*

1.2

1.3

1.4

3.*

3.0.10

3.0.12

3.0.9

3.1.1

3.1.4