Request for a new CVE. For details about the content have a look here: https://github.com/eclipse/vorto/issues/1434

=======================================

Project: Eclipse Vorto
version: All versions prior to 0.11

CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CWE-494: Download of Code Without Integrity Check

summary: Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence, the produced build artifacts of Vorto might be infected.
Pull request: https://github.com/CVEProject/cvelist/pull/1932