CVE-2019-11770

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-11770
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11770.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11770
Published
2019-06-14T14:29:00.530Z
Modified
2026-04-10T04:15:42.229829Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this.

References

Affected packages

Git / github.com/eclipse/buildship

Affected ranges

Type
GIT
Repo
https://github.com/eclipse/buildship
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e28466b8d7c67fe75546927c981a5c474552ad38
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.1.1"
        }
    ]
}

Affected versions

REL_1.*
REL_1.0.0
REL_1.0.1
REL_1.0.10
REL_1.0.11
REL_1.0.12
REL_1.0.13
REL_1.0.14
REL_1.0.2
REL_1.0.3
REL_1.0.4
REL_1.0.5
REL_1.0.6
REL_1.0.7
REL_1.0.9
REL_2.*
REL_2.0.0
REL_2.0.1
REL_2.0.2
REL_2.1.0
REL_2.1.1
REL_2.1.2
REL_3.*
REL_3.0.0
REL_3.0.1
REL_3.1.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11770.json"