High severity8.1OSV Advisory· Published Apr 22, 2019· Updated Jun 17, 2026
CVE-2019-11404
CVE-2019-11404
Description
arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.arrow-kt:arrow-ank-gradleMaven | < 0.9.0 | 0.9.0 |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/arrow-kt/ank/pull/36nvdPatchThird Party AdvisoryWEB
- github.com/arrow-kt/arrow/commit/74198dab522393487d5344f194dc21208ab71ae8nvdPatchThird Party AdvisoryWEB
- github.com/arrow-kt/ank/issues/35nvdExploitPatchThird Party AdvisoryWEB
- github.com/arrow-kt/arrow/issues/1310nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-rcj2-vvjx-87pmghsaADVISORY
- github.com/arrow-kt/arrow/releases/tag/0.9.0nvdRelease NotesThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2019-11404ghsaADVISORY
News mentions
0No linked articles in our index yet.