CVE-2021-32700

Name of the Vulnerable Software and Affected Versions Ballerina versions 1.2.x through 1.2.13 Ballerina SL releases up to alpha 3

Description Ballerina is an open source programming language and platform for cloud application programmers. The issue allows for a supply chain attack via Man-in-the-Middle (MiTM) against users. HTTP connections did not utilize TLS and certificate checking was ignored, enabling an attacker to substitute or modify packages retrieved from BC, thus allowing the injection of malicious code into Ballerina executables.

Recommendations For Ballerina versions 1.2.x through 1.2.13, update to Ballerina 1.2.14 to resolve the issue. For Ballerina SL releases up to alpha 3, update to Ballerina SwanLake alpha4 to resolve the issue.