Critical severityNVD Advisory· Published Mar 30, 2020· Updated Aug 5, 2024
CVE-2019-17560
CVE-2019-17560
Description
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.codehaus.mevenide:netbeansMaven | <= 3.1.4 | — |
Affected products
2- Apache/NetBeansdescription
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-7c2m-vwxw-5qwwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-17560ghsaADVISORY
- lists.apache.org/thread.html/r354d7654efa1050539fe56a3257696d1faeea4f3f9b633c29ec89609%40%3Cdev.netbeans.apache.org%3Eghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpujul2020.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.