Main Vulnerability Database Vulnerabilities #VU35763

Cryptographic issues in kotlin - CVE-2019-10101

Published: July 3, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35763

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-10101

CWE-ID: CWE-310

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
kotlin

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.

How to mitigate CVE-2019-10101

Install update from vendor's website.

Sources

https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/
https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb

Cryptographic issues in kotlin - CVE-2019-10101

Detailed vulnerability description

How to mitigate CVE-2019-10101

Sources

Please verify you're human