{"id":"CVE-2019-11065","details":"Gradle versions from 1.4 to 5.3.1 use an insecure (plain-text) HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Because the download is not protected by TLS, the dependency artifacts could have been maliciously compromised in transit by a man-in-the-middle (MITM) attack on the connection to the ajax.googleapis.com web site.","aliases":["GHSA-pprq-4488-wgqx"],"modified":"2026-04-10T04:14:04.090556Z","published":"2019-04-10T00:29:00.243Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43P7SVDJOG6OUDVFR4ZIDITZLNHPGTO/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQ5CGOV5QVQCSPGE3WRZDKUGIXLHSZDR/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVXOXNLAYRGPKAZV63PYNV3HF27JW2MW/"},{"type":"FIX","url":"https://github.com/gradle/gradle/pull/8927"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gradle/gradle","events":[{"introduced":"c2fc659ae4a060365a0da1d739bbc3b3b6e8ea8d"},{"last_affected":"f2fae6ba563cfb772c8bc35d31e43c59a5b620c3"}],"database_specific":{"versions":[{"introduced":"1.4"},{"last_affected":"5.3.1"}]}}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"28"}]},{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11065.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}