CVE-2019-11404

medium

Description

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.

References

Advisories
More

https://github.com/arrow-kt/arrow/releases/tag/0.9.0

https://github.com/arrow-kt/arrow/commit/74198dab522393487d5344f194dc21208ab71ae8

https://github.com/arrow-kt/ank/pull/36

https://github.com/arrow-kt/arrow/issues/1310

https://github.com/arrow-kt/ank/issues/35

Details

Source: Mitre, NVD

Published: 2019-04-22

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N