Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.
Created gradle tracking bugs for this issue: Affects: epel-6 [bug 1698511] Affects: fedora-28 [bug 1698509] Affects: fedora-29 [bug 1698510]
gradle-4.3.1-9.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11065