CVE-2019-11065

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-04-10 00:29

Updated : 2020-08-24 17:37


NVD link : CVE-2019-11065

Mitre link : CVE-2019-11065


JSON object : View

Products Affected

fedoraproject

  • fedora

gradle

  • gradle