4 matches found
com.att.nsa:msgrtr (=0.0.5), com.causecode.plugins:mongo-update-embedded (>=0.0.3 <=1.0.0) +86 more potentially affected by CVE-2019-12728 via org.grails:grails-core (>=1.1 <=3.3.1)
org.grails:grails-core MAVEN version =1.1, =0.0.3, =0.4, =5.0.0.RC1, =1.0.0.GA, =6.0.0.RC1, =1.0.0.GA, =5.0.0.RC1, =3.0.0, =3.0.0, =1.1, =1.0.2.RELEASE, =1.0.0-M01, =6.1.0.RELEASE and more Source cves: CVE-2019-12728 Source advisory: OSV:GHSA-PMXF-4V8C-RWR7...
CVE-2019-12728
Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP...
CVE-2019-12728
CVE-2019-12728 affects Grails up to version 3.3.9, where the SDKMan notification service was resolved over cleartext HTTP. This creates a potential for eavesdropping or tampering of the notification channel, with impact on the confidentiality and integrity of the interaction during dependency res...
CVE-2019-12728
Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP...