CVE-2019-17561: Improper Input Validation

March 30, 2020 (updated April 1, 2020)

NetBeans autoupdate does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code.

References

lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2019-17561

Detect and mitigate CVE-2019-17561 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →