8.1

CVE-2019-11404

Exploit

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.

Data is provided by the National Vulnerability Database (NVD)
Arrow-ktArrow Version < 0.9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.32% 0.519
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
cve@mitre.org 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://github.com/arrow-kt/ank/issues/35
Patch
Third Party Advisory
Exploit
https://github.com/arrow-kt/ank/pull/36
Patch
Third Party Advisory
https://github.com/arrow-kt/arrow/issues/1310
Third Party Advisory
Exploit
https://github.com/arrow-kt/arrow/releases/tag/0.9.0
Third Party Advisory
Release Notes