3 matches found
com.github.shyiko.ktlint:ktlint-ruleset-standard (>=0.2.0 <=0.2.2), com.github.shyiko.ktlint:ktlint-test (>=0.2.0 <=0.2.2) +1 more potentially affected by CVE-2019-1010260 via com.github.shyiko.ktlint:ktlint-core (>=0.2.0 <=0.2.2)
com.github.shyiko.ktlint:ktlint-core MAVEN version =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.2 Source cves: CVE-2019-1010260 Source advisory: OSV:GHSA-R8H9-HQ9C-2P5C...
CVE-2019-1010260
Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and...
CVE-2019-1010260
The connected documents confirm a vulnerability in com.github.shyiko.ktlint:ktlint-core where downloading and executing custom rulesets over HTTP can be compromised via a MITM, allowing arbitrary code execution. The issue arises from serving jars that can be tampered, enabling exploitation during...