CVE-2019-11404
First published: Sun Apr 21 2019(Updated: )
arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arrow | <0.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-11404?
CVE-2019-11404 has a medium severity rating due to the potential for MITM attacks exploiting unencrypted HTTP connections.
How do I fix CVE-2019-11404?
To fix CVE-2019-11404, update to Arrow version 0.9.0 or later to ensure that Gradle build artifacts are resolved over HTTPS.
Who is affected by CVE-2019-11404?
Any users of Arrow versions prior to 0.9.0 are affected by CVE-2019-11404 due to the reliance on HTTP for artifact resolution.
What type of attacks can exploit CVE-2019-11404?
CVE-2019-11404 can be exploited through Man-in-the-Middle (MITM) attacks, allowing attackers to compromise build artifacts.
What are the consequences of CVE-2019-11404?
The consequence of CVE-2019-11404 is that maliciously altered dependencies could be included in a build, potentially compromising applications.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/arrow-kt
- canonical/arrow