Gradle · Gradle · CVE-2019-11065
**Name of the Vulnerable Software and Affected Versions**
Gradle versions 1.4 through 5.3.1
**Description**
The issue arises from Gradle using an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. This could allow dependency artifacts to be maliciously compromised by a Man-In-The-Middle (MITM) attack against the ajax.googleapis.com website.
**Recommendations**
For Gradle versions 1.4 through 5.3.1, consider updating the plugin configurations to use secure HTTPS URLs for dependency downloads as a temporary workaround. Restrict access to the affected plugins to minimize the risk of exploitation.