Unrated severity · NVD Advisory · Published Apr 25, 2019 · Updated Sep 17, 2024
Java Projects using HTTP to fetch dependencies
CVE-2019-3801
Description
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain Java components that use an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency and inject malicious code into the component.
Affected products
- (no CPE), range: <7.9.0
- (no CPE), range: All
- Cloud Foundry/CredHub (v5), range: 2.1
- Cloud Foundry/UAA Release (OSS) (v5), range: All
- Range: v60
References
- www.securityfocus.com/bid/108104 (mitre: vdb-entry, x_refsource_BID)
- www.cloudfoundry.org/blog/cve-2019-3801 (mitre: x_refsource_CONFIRM)