Impact
Ballerina versions 1.2.x and Swan Lake (SL) releases up to alpha 3 are exposed to a potential supply chain attack via man-in-the-middle (MiTM) against users. The vulnerability allows an attacker to substitute or modify packages retrieved from Ballerina Central (BC), and thereby inject malicious code into Ballerina executables.
Patches
Ballerina 1.2.14
Ballerina SwanLake alpha4
For more information
If you have any questions or comments about this advisory:
- Email us at security [at] ballerina.io