CVE-2019-11404

Severity CVSS v4.0:
Pending analysis
Type:
CWE-311 Missing Encryption of Sensitive Data
Publication date:
22/04/2019
Last modified:
24/08/2020

Description

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:arrow-kt:arrow:*:*:*:*:*:*:*:* 0.9.0 (excluding)