CVE-2019-10248

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10248

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10248.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-10248

Aliases

GHSA-fg2q-v428-2gph

Published

2019-04-22T21:29:00Z

Modified

2024-10-12T04:13:34.498264Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=546622

Affected packages

Git / github.com/eclipse/vorto

Affected ranges

Type: GIT
Repo: https://github.com/eclipse/vorto
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ad95edac2712b2cf89ad83e1037b7b0d82a7f3fb

Affected versions

0.*

0.10.0

0.10.0.M1

0.10.0.M10

0.10.0.M11

0.10.0.M2

0.10.0.M3

0.10.0.M4

0.10.0.M5

0.10.0.M6

0.10.0.M7

0.10.0.M8

0.10.0.M9

0.10.1

0.4.0_M1

0.4.0_M2

0.4.0_M3

0.4.0_M4

0.9.0.RELEASE

0.9.0_M1

0.9.0_M2