Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-11065

Опубликовано: 10 апр. 2019
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*
Версия от 1.4 (включая) до 5.3.1 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

EPSS

Процентиль: 58%
0.00363
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2019-11065

CVSS3: 5.9
ubuntu
почти 7 лет назад

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

redhat логотип

CVE-2019-11065

CVSS3: 8.1
redhat
почти 7 лет назад

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

debian логотип

CVE-2019-11065

CVSS3: 5.9
debian
почти 7 лет назад

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download ...

github логотип

GHSA-pprq-4488-wgqx

CVSS3: 5.9
github
больше 3 лет назад

Insecure transport protocol in Gradle

EPSS

Процентиль: 58%
0.00363
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo