High severityNVD Advisory· Published Apr 22, 2019· Updated Aug 4, 2024
CVE-2019-10248
CVE-2019-10248
Description
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.eclipse.vorto:org.eclipse.vorto.coreMaven | < 0.11.0 | 0.11.0 |
Affected products
2- The Eclipse Foundation/Eclipse Vortov5Range: unspecified
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-fg2q-v428-2gphghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10248ghsaADVISORY
- bugs.eclipse.org/bugs/show_bug.cgighsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.