Unrated severityNVD Advisory· Published Sep 29, 2021· Updated Aug 4, 2024
CVE-2021-41034
CVE-2021-41034
Description
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- The Eclipse Foundation/Eclipse Chev5Range: 6.0
Patches
Vulnerability mechanics
References
1- bugs.eclipse.org/bugs/show_bug.cgimitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.