CVE-2019-17561

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:netbeans:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:graalvm:19.3.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm:20.1.0:*:*:*:enterprise:*:*:*

History

27 Apr 2022, 15:14

Type Values Removed Values Added
CWE CWE-20 CWE-347
References (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Patch, Third Party Advisory
CPE cpe:2.3:a:oracle:graalvm:20.1.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm:19.3.2:*:*:*:enterprise:*:*:*
First Time Oracle graalvm
Oracle

Information

Published : 2020-03-30 19:15

Updated : 2023-12-10 13:27


NVD link : CVE-2019-17561

Mitre link : CVE-2019-17561

CVE.ORG link : CVE-2019-17561


JSON object : View

Products Affected

oracle

  • graalvm

apache

  • netbeans
CWE
CWE-347

Improper Verification of Cryptographic Signature