CVE-2019-1000014

Name: CVE-2019-1000014
Creator: NVD / NIST
Published: 2019-02-04T21:29:01.207+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.79%

Last modified Jun 17, 2026

CVE-2019-1000014 is a vulnerability of currently unknown severity. Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirror. EPSS estimates a 1.79% chance of exploitation in the next 30 days.

Description

Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0.

Metrics

EPSS Probability

1.79%

75.6th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Erlang	Rebar3	>= 3.7.0, <= 3.7.5

References

https://github.com/erlang/rebar3/pull/1986Issue Tracking, Third Party Advisory
https://github.com/erlang/rebar3/pull/1986Issue Tracking, Third Party Advisory

Timeline

Published: Feb 4, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-1000014?

How severe is CVE-2019-1000014?

Severity scoring for CVE-2019-1000014 is pending analysis. The EPSS model estimates a 1.79% probability of exploitation in the next 30 days.

How do I fix CVE-2019-1000014?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-1000014?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST