DNA View

CVE-2019-11065

Medium

Low Medium High Critical

5.9

CVSS Score

Published: Apr 10, 2019

Last Modified: Nov 21, 2024

CWE: NVD-CWE-noinfo

Vulnerability Description

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

3 configuration(s) from 1 vendor(s)

fedora

Version:

CPE:

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

fedora

Version:

CPE:

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

fedora

Version:

CPE:

cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*

This vulnerability affects 3 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

1 patch available from vendors

View All Patches

Oracle

CPUJAN2025

Oracle Critical Patch Update Advisory - January 2025

Severity

Critical

Released

Jan 21, 2025

Restart Required

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

Severity Details

5.9

out of 10.0

Medium

Weakness Type (CWE)

NVD-CWE-noinfo

View CWE Details on MITRE

Key Information

Published Date: April 10, 2019

External Resources

NIST NVD

National Vulnerability Database

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages

CVE-2019-11065

Vulnerability Description

CVSS Metrics

Known Affected Software

fedoraproject

Available Security Patches

CPUJAN2025

References & Resources

Severity Details

Weakness Type (CWE)

Key Information

External Resources