CVE-2019-10248

Summary

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Vortounspecified < 0.11affected

Weaknesses

  • CWE-829: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
  • CWE-494: CWE-494: Download of Code Without Integrity Check

ADP Enrichment

CVE Program Container

Additional References

References