PT-2019-12289 · Apache Arrow · Arrow-Kt

Jlleitschuh

Published

2019-04-21

Updated

2020-08-24

CVE-2019-11404

CVSS v3.1

8.1

High

Vector

AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions arrow-kt versions prior to 0.9.0

Description The issue arises from the software resolving Gradle build artifacts over HTTP instead of HTTPS, making it susceptible to MITM attacks. This could allow malicious compromise of dependent artifacts.

Recommendations For versions prior to 0.9.0, update to version 0.9.0 or later to resolve the issue.

Exploit

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

CVE-2019-11404

GHSA-RCJ2-VVJX-87PM

Affected Products

Arrow-Kt

PT-2019-12289 · Apache Arrow · Arrow-Kt

CVE-2019-11404

Weakness Enumeration

Related Identifiers

Affected Products

References · 8