Description
Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.
Remediation
References
https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability
https://github.com/grails/grails-core/issues/11250
Related Vulnerabilities
CVE-2019-16771 Vulnerability in maven package com.linecorp.armeria:armeria
CVE-2021-21321 Vulnerability in npm package fastify-reply-from
CVE-2020-17479 Vulnerability in npm package jpv
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http
CVE-2020-2212 Vulnerability in maven package org.jenkins-ci.plugins:github-coverage-reporter