PT-2019-12903 · Pivotal · Grails

Published

2019-06-04

Updated

2022-05-24

CVE-2019-12728

CVSS v3.1

8.1

High

Vector

AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions Grails versions prior to 3.3.10

Description The issue concerns the use of cleartext HTTP to resolve the SDKMan notification service. It is noted that users' apps were not resolving dependencies over cleartext HTTP.

Recommendations For versions prior to 3.3.10, update to version 3.3.10 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-669CWE-494

Related Identifiers

CVE-2019-12728

GHSA-PMXF-4V8C-RWR7

Affected Products

Grails

PT-2019-12903 · Pivotal · Grails

CVE-2019-12728

Weakness Enumeration

Related Identifiers

Affected Products

References · 5