VYPR
Moderate severityOSV Advisory· Published Apr 9, 2019· Updated Aug 4, 2024

CVE-2019-11065

CVE-2019-11065

Description

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.gradle:gradle-coreMaven
>= 1.4, < 5.4.05.4.0

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.