Vulnerabilities

CVE-2019-11065

by Fred · 09/04/2019

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

Date published : 2019-04-09

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQ5CGOV5QVQCSPGE3WRZDKUGIXLHSZDR/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43P7SVDJOG6OUDVFR4ZIDITZLNHPGTO/

Similar

Tags: Cybersecurity Alert