4 matches found
CVE-2019-17560
CVE-2019-17560 describes an issue in the Apache NetBeans autoupdate system, which does not validate SSL certificates or hostnames for HTTPS downloads. This enables an attacker to intercept autoupdates and modify them, potentially injecting malicious code. The vulnerability affects NetBeans releases u...
CVE-2019-17561
CVE-2019-17561 affects Apache NetBeans, where the autoupdate system does not fully validate code signatures, allowing an attacker to modify downloaded nbm packages. This vulnerability impacts NetBeans releases up to and including 11.2. The available documents describe the root cause as i...
CVE-2018-17191
The vulnerability concerns Apache NetBeans (incubating) 9.0 with NetBeans Proxy Auto-Configuration (PAC) interpretation, which is vulnerable to remote command execution (RCE). The root cause, as described in the sources, is the use of the Nashorn JavaScript engine during PAC processing, which lea...
CVE-2020-11986
The CVE-2020-11986 issue affects Apache NetBeans up to 12.0. Opening a Gradle project causes the build script to run at load time, potentially enabling remote attackers to execute code without user consent. The Arch Linux advisory confirms a remote arbitrary code execution vulnerability and direc...