CVE-2019-11404
Severity CVSS v4.0:
Pending analysis
Type:
CWE-311
Missing Encryption of Sensitive Data
Publication date:
22/04/2019
Last modified:
24/08/2020
Description
arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:arrow-kt:arrow:*:*:*:*:*:*:*:* | 0.9.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page