CVE-2019-10249
N/A
N/A
Summary
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Eclipse Foundation | Eclipse Xtext | unspecified < 2.18.0 | affected |
Weaknesses
- CWE-829: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
- CWE-494: CWE-494: Download of Code Without Integrity Check
ADP Enrichment
CVE Program Container
Additional References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996
- https://github.com/eclipse/xtext-xtend/issues/759
References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996
- https://github.com/eclipse/xtext-xtend/issues/759
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.