3 matches found
CVE-2019-3801
CVE-2019-3801 affects Cloud Foundry cf-deployment versions prior to 7.9.0. The Java components fetch dependencies over an insecure HTTP channel, enabling a remote, unauthenticated attacker to hijack the dependency DNS entry and inject malicious code into the component during build. Practical impa...
CVE-2019-3801 Java Projects using HTTP to fetch dependencies
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...
CVE-2019-3801: Java Projects using HTTP to fetch dependencies | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions CredHub 2.1 versions prior to 2.1.3 1.9 versions prior to 1.9.10 cf-deployment All versions prior to v7.9.0 UAA Release OSS All versions prior to v64.0 Description Cloud Foundry cf-deployment, versions prio...