CVE-2019-17560
First published: Mon Mar 30 2020(Updated: )
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache NetBeans | <=11.2 | |
| Oracle GraalVM | =19.3.2 | |
| Oracle GraalVM | =20.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/remedy
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- agent/description
- agent/event
- vendor/apache
- canonical/apache netbeans
- version/apache netbeans/11.2
- vendor/oracle
- canonical/oracle graalvm
- version/oracle graalvm/19.3.2
- version/oracle graalvm/20.1.0