GHSA-rfj2-4g26-7jw5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rfj2-4g26-7jw5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rfj2-4g26-7jw5/GHSA-rfj2-4g26-7jw5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rfj2-4g26-7jw5
- Aliases
-
- CVE-2019-10249
- Published
- 2022-05-24T16:45:13Z
- Modified
- 2023-11-08T04:00:43.955486Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Potentially compromised builds
- Details
-
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
- Database specific
{ "nvd_published_at": "2019-05-06T16:29:00Z", "github_reviewed_at": "2022-11-04T22:37:04Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-319" ] }- References
Affected packages
Maven / org.eclipse.xtext:org.eclipse.xtext
Package
- Name
- org.eclipse.xtext:org.eclipse.xtext
- View open source insights on deps.dev
- Purl
- pkg:maven/org.eclipse.xtext/org.eclipse.xtext
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.18.0
Affected versions
2.*
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.6.0
2.6.1
2.6.2
2.7.0
2.7.1
2.7.2
2.7.3
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.9.0.beta1
2.9.0.beta2
2.9.0.beta3
2.9.0.beta4
2.9.0.beta5
2.9.0.beta6
2.9.0.rc1
2.9.0.rc2
2.9.0
2.9.1
2.9.2
2.10.0
2.11.0.beta2
2.11.0.RC1
2.11.0.RC2
2.11.0
2.12.0.M1
2.12.0
2.13.0.M2
2.13.0.RC1
2.13.0
2.14.0.RC1
2.14.0
2.15.0
2.16.0.M1
2.16.0.M3
2.16.0
2.17.0.M1
2.17.0.M2
2.17.0.M3
2.17.0
2.17.1
2.18.0.M1
2.18.0.M2
2.18.0.M3
Maven / org.eclipse.xtend:org.eclipse.xtend.core
Package
- Name
- org.eclipse.xtend:org.eclipse.xtend.core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.eclipse.xtend/org.eclipse.xtend.core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.18.0
Affected versions
2.*
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.6.0
2.6.1
2.6.2
2.7.0
2.7.1
2.7.2
2.7.3
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.9.0.beta1
2.9.0.beta2
2.9.0.beta3
2.9.0.beta4
2.9.0.beta5
2.9.0.beta6
2.9.0.rc1
2.9.0.rc2
2.9.0
2.9.1
2.9.2
2.10.0
2.11.0.beta2
2.11.0.RC1
2.11.0.RC2
2.11.0
2.12.0.M1
2.12.0
2.13.0.M2
2.13.0.RC1
2.13.0
2.14.0.RC1
2.14.0
2.15.0
2.16.0.M1
2.16.0.M3
2.16.0
2.17.0.M1
2.17.0.M2
2.17.0.M3
2.17.0
2.17.1
2.18.0.M1
2.18.0.M2
2.18.0.M3