Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.
References
Configurations
History
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-04-10 00:29
Updated : 2024-02-28 17:08
NVD link : CVE-2019-11065
Mitre link : CVE-2019-11065
CVE.ORG link : CVE-2019-11065
JSON object : View
Products Affected
gradle
- gradle
fedoraproject
- fedora
CWE