CVE-2019-10248

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-10248

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10248.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-10248

Aliases

GHSA-fg2q-v428-2gph

Published

2019-04-22T21:29:00.257Z

Modified

2026-05-18T14:45:35.663909Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=546622

Affected packages

Git / github.com/eclipse-vorto/vorto

Affected ranges

Type

GIT

Repo

https://github.com/eclipse-vorto/vorto

Events

Introduced

Fixed

ad95edac2712b2cf89ad83e1037b7b0d82a7f3fb

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.11"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:eclipse:vorto:*:*:*:*:*:*:*:*"
}

Affected versions

0.*

0.10.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10248.json"