CVE-2019-1010260: Improper Access Control

April 2, 2019 (updated April 4, 2019)

Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers.

References

nvd.nist.gov/vuln/detail/CVE-2019-1010260

Code Behaviors & Features

Detect and mitigate CVE-2019-1010260 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →