PT-2019-12162 · Gradle+1

Mikolaj Izdebski

Published

2019-04-09

Updated

2023-03-01

CVE-2019-11065

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Gradle versions 1.4 through 5.3.1

Description

The issue arises from Gradle using an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. This could allow dependency artifacts to be maliciously compromised by a man-in-the-middle (MITM) attack against the ajax.googleapis.com website.

Recommendations

For Gradle versions 1.4 through 5.3.1, consider updating the plugin configurations to use secure HTTPS URLs for dependency downloads as a temporary workaround. Restrict access to the affected plugins to minimize the risk of exploitation.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2019-11065
GHSA-PPRQ-4488-WGQX
USN-4858-1

Affected Products

Gradle
Ubuntu