Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-09T23:37:04

Updated: 2024-08-04T22:40:16.302Z

Reserved: 2019-04-09T00:00:00

Link: CVE-2019-11065

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-04-10T00:29:00.243

Modified: 2024-11-21T04:20:28.197

Link: CVE-2019-11065

cve-icon Redhat

Severity : Important

Publid Date: 2019-04-09T00:00:00Z

Links: CVE-2019-11065 - Bugzilla