Ballerina is an open source programming language and...

High severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jan 29, 2023

Package

No package listed

Affected versions

Unknown

Patched versions

Unknown

Description

Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 are exposed to a supply chain attack via MitM against users: HTTP connections did not use TLS, and certificate checking was ignored. The vulnerability allows an attacker to substitute or modify packages retrieved from BC, thereby injecting malicious code into Ballerina executables. This has been patched in Ballerina 1.2.14 and Ballerina SwanLake alpha4.

References

Published by the National Vulnerability Database Jun 22, 2021
Published to the GitHub Advisory Database May 24, 2022
Last updated Jan 29, 2023

Severity

High

EPSS score

0.073% (33rd percentile)

Weaknesses

CVE ID

CVE-2021-32700

GHSA ID

GHSA-jpjf-qc9h-8jgp

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.
