9 matches found
EUVD-2019-0433
Malware in sbrugna...
com.github.shyiko.ktlint:ktlint-ruleset-standard (>=0.2.0 <=0.2.2), com.github.shyiko.ktlint:ktlint-test (>=0.2.0 <=0.2.2) +1 more potentially affected by CVE-2019-1010260 via com.github.shyiko.ktlint:ktlint-core (>=0.2.0 <=0.2.2)
com.github.shyiko.ktlint:ktlint-core MAVEN version =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.2 Source cves: CVE-2019-1010260 Source advisory: OSV:GHSA-R8H9-HQ9C-2P5C...
GHSA-R8H9-HQ9C-2P5C High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and...
High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and...
Code injection
Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and...
CVE-2019-1010260
Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and...
CVE-2019-1010260
Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and...
CVE-2019-1010260
The connected documents confirm a vulnerability in com.github.shyiko.ktlint:ktlint-core where downloading and executing custom rulesets over HTTP can be compromised via a MITM, allowing arbitrary code execution. The issue arises from serving jars that can be tampered with, enabling exploitation during...
CVE-2019-1010260
Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and...