PT-2019-11533 · Pinterest · Ktlint

Jlleitschuh (+1)

Published: 2019-04-02 · Updated: 2020-08-24

CVE-2019-1010260

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: ktlint versions prior to 0.30.0
Description: The issue allows arbitrary code execution when ktlint is used to download and execute custom rulesets: the ruleset jars are fetched over plain HTTP, so an attacker positioned as a man in the middle (MITM) on the connection to the artifact servers can substitute a compromised jar, which ktlint then loads and runs.
Recommendations: For versions prior to 0.30.0, update to version 0.30.0 or later to resolve the issue.

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2019-1010260
GHSA-R8H9-HQ9C-2P5C

Affected Products

Ktlint