CVE-2019-11404

Exploit

EPSS 1.14%
Veröffentlicht 22.04.2019 11:29:04
Zuletzt bearbeitet 21.11.2024 04:21:02
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arrow-kt ≫ Arrow Version < 0.9.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.14%	0.623

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
cve@mitre.org	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://github.com/arrow-kt/ank/issues/35

Patch

Third Party Advisory

Exploit

https://github.com/arrow-kt/ank/pull/36

Patch

Third Party Advisory

https://github.com/arrow-kt/arrow/commit/74198dab522393487d5344f194dc21208ab71ae8

Patch

Third Party Advisory

https://github.com/arrow-kt/arrow/issues/1310

Third Party Advisory

Exploit

https://github.com/arrow-kt/arrow/releases/tag/0.9.0

Third Party Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2019-11404

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11404

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11404

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-11404