PT-2019-11533 · Pinterest · Ktlint

Jlleitschuh

Publicado

2019-04-02

Atualizado

2020-08-24

CVE-2019-1010260

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: ktlint versions prior to 0.30.0

Description: The issue allows for arbitrary code execution when using ktlint to download and execute custom rulesets, as the served jars can be compromised by a Man in the Middle (MITM) attack. This attack is exploitable via a MITM of the HTTP connection to the artifact servers.

Recommendations: For versions prior to 0.30.0, update to version 0.30.0 or later to resolve the issue.

Exploit

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319

Identificadores relacionados

CVE-2019-1010260

GHSA-R8H9-HQ9C-2P5C

Produtos afetados

Ktlint

PT-2019-11533 · Pinterest · Ktlint

CVE-2019-1010260

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6