High severityNVD Advisory· Published Mar 30, 2020· Updated Aug 5, 2024
CVE-2019-17561
CVE-2019-17561
Description
The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.codehaus.mevenide:netbeansMaven | <= 3.1.4 | — |
Affected products
2- Apache/NetBeansdescription
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-cf8q-j9h3-7237ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-17561ghsaADVISORY
- lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3Eghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpujul2020.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.