Home > Vulnerability Database > WS-2019-0490

Mend.io Vulnerability Database

WS-2019-0490

Good to know:

Date: February 19, 2019

Inclusion of Functionality from Untrusted Control Sphere vulnerability found in jcommander before 1.75. jcommander resolving dependencies over HTTP instead of HTTPS.

Language: Java

Severity Score

8.1

Related Resources (2)

Url: https://github.com/cbeust/jcommander/commit/3ae95595febbed9c13f367b6bda5c0be1c572c53

Url: https://www.mend.io/vulnerability-database/WS-2019-0490

Severity Score

8.1

Weakness Type (CWE)

Cleartext Transmission of Sensitive Information

CWE-319

Top Fix

Upgrade Version

Upgrade to version r-r2pmml - no_fix;fgbio - 0.2.0;fgbio - 0.4.0;nextflow - no_fix;nextflow - 0.32.0;nextflow - 0.31.0;dsiddharth2/php-zxing - 1.0.0;mzmine - no_fix;JetBrains.Rider.Frontend2 - 203.0.20201211.142525;JetBrains.Rider.Frontend2 - 203.0.20201127.95230-eap09;JetBrains.Rider.Frontend2 - 203.0.20200923.135724-eap01;eoulsan - no_fix;eoulsan - 2.3;ddkits/cli - v143.x-dev;ddkits/cli - v1.21.x-dev;ddkits/cli - 4.20;ddkits/cli - dev-beta2;ddkits/cli - dev-produc;gradle - 7.0.0;gradle - 6.3.0;mgf-formatter - no_fix;mpa-portable - no_fix;sklearn2pmml - 0.66.0;sklearn2pmml - no_fix;dropseq_tools - 2.0.0;fiji - no_fix;AllureReport.Generator - no_fix;existdb - 4.4.0;existdb - no_fix;openrefine - 3.5.0;hyuel/box - no_fix;beakerx - no_fix;bioconductor-fastreer - no_fix;polozpavlo/allure - no_fix;watchdog-wms - 2.0.5;com.beust:jcommander:1.75;com.beust:jcommander:1.75;com.beust:jcommander:1.75

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2019-0490

Good to know:

Date: February 19, 2019

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?