CVE-2019-10249

Summary

All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Xtextunspecified < 2.18.0affected

Weaknesses

  • CWE-829: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
  • CWE-494: CWE-494: Download of Code Without Integrity Check

ADP Enrichment

CVE Program Container

Additional References

References