CVE-2019-10101 (High) detected in kotlin-stdlib-1.3.0.jar, kotlin-stdlib-common-1.3.0.jar #8
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2019-10101 - High Severity Vulnerability
kotlin-stdlib-1.3.0.jar
Kotlin Standard Library for JVM
Path to vulnerable library: rn-apple-healthkit/node_modules/jetifier/lib/kotlin-stdlib-1.3.0.jar
Dependency Hierarchy:
kotlin-stdlib-common-1.3.0.jar
Kotlin Common Standard Library
Path to vulnerable library: rn-apple-healthkit/node_modules/jetifier/lib/kotlin-stdlib-common-1.3.0.jar
Dependency Hierarchy:
Found in HEAD commit: fb7bf1164ba4b24c7b064e493ebcb7a064021f0e
Found in base branch: master
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.
Publish Date: 2019-07-03
URL: CVE-2019-10101
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10101
Release Date: 2019-07-03
Fix Resolution: org.jetbrains.kotlin:kotlin-stdlib:1.3.30,org.jetbrains.kotlin:kotlin-stdlib-common:1.3.30,org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.3.30,org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.3.30,org.jetbrains.kotlin:kotlin-reflect:1.3.30
The text was updated successfully, but these errors were encountered: