Input validation error in kotlin - CVE-2019-10103

 


Published: July 3, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU35765
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-10103
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
kotlin

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE template resolved Gradle artifacts over an unencrypted HTTP connection, potentially allowing a man-in-the-middle (MITM) attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.


How to mitigate CVE-2019-10103

Install the update from the vendor's website.
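
A check for projects that already exist, as an added example that is not from the advisory or the vendor: it scans the text of a Gradle build script for repository URLs declared with `http://` inside `repositories { ... }` blocks, ignoring commented-out lines. The function names, the sample script and the `repo.example.invalid` host are constructed for illustration; the advisory does not give the template's actual repository URL.

```python
import re

# String literals are matched first so the "//" inside a URL is not taken
# for a line comment; comments are blanked so line numbers stay correct.
TOKEN = re.compile(r"""
    ("(?:\\.|[^"\\\n])*" | '(?:\\.|[^'\\\n])*')
  | (/\*.*?\*/ | //[^\n]*)
""", re.VERBOSE | re.DOTALL)
REPO_BLOCK = re.compile(r"\brepositories\s*\{")
HTTP_URL = re.compile(r"""["'](http://[^"']+)["']""", re.IGNORECASE)

# Constructed sample (Groovy and Kotlin DSL forms mixed); placeholder hosts.
SAMPLE = '''\
buildscript {
    repositories {
        maven { url 'http://repo.example.invalid/releases' }  // in use
        // maven { url 'http://repo.example.invalid/old' }
    }
}
repositories {
    mavenCentral()
    maven { url = uri("https://repo.example.invalid/secure") }
    maven("http://repo.example.invalid/snapshots")
}
ext.homepage = 'http://example.invalid/'
'''

def strip_comments(text):
    return TOKEN.sub(
        lambda m: m.group(1) or re.sub(r"[^\n]", " ", m.group(2)), text)

def repository_blocks(text):
    """Yield (start, end) offsets of each `repositories { ... }` body."""
    for m in REPO_BLOCK.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.end(), i

def insecure_repositories(build_script):
    """Return sorted (line, url) for http:// URLs inside repositories blocks."""
    text = strip_comments(build_script)
    return sorted({(text.count("\n", 0, m.start()) + 1, m.group(1))
                   for start, end in repository_blocks(text)
                   for m in HTTP_URL.finditer(text, start, end)})

if __name__ == "__main__":
    print(insecure_repositories(SAMPLE))
```

Run it over `build.gradle`, `build.gradle.kts` and `settings.gradle` files; any reported line is a repository whose artifacts are fetched without transport protection and should be switched to `https://`.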
