GHSA-fg2q-v428-2gph

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fg2q-v428-2gph/GHSA-fg2q-v428-2gph.json
Aliases
  • CVE-2019-10248
Published
2022-05-24T16:44:08Z
Modified
2022-11-22T20:08:58.469500Z
Details

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.

References

Affected packages

Maven / org.eclipse.vorto:org.eclipse.vorto.core

org.eclipse.vorto:org.eclipse.vorto.core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
0.11.0

Affected versions

0.*

0.10.0
0.10.0.M1
0.10.0.M10
0.10.0.M11
0.10.0.M2
0.10.0.M3
0.10.0.M4
0.10.0.M5
0.10.0.M6
0.10.0.M7
0.10.0.M8
0.10.0.M9
0.10.1
0.9.0