Request for a new CVE. For details about the content have a look here: https://github.com/eclipse/buildship/issues/855

=======================================

Project: Eclipse Buildship

version: All versions prior to 3.1.1

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

summary: The build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this.
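A check for the condition this report describes, as an added example that is not part of the original thread or of Buildship's own code: it scans Gradle build script text for quoted URLs that use cleartext http://. The sample script, its hostnames, and the function name are constructed for illustration, and exempting loopback hosts is an assumption.

```python
import re

# One token per match: a quoted string, a // line comment, or a /* */ block
# comment. Scanning left to right keeps the "//" of a URL inside its string
# and keeps quotes inside a comment part of that comment.
TOKEN_RE = re.compile(r'''"[^"\n]*"|'[^'\n]*'|//[^\n]*|/\*.*?\*/''', re.S)
# Assumption: loopback hosts are exempt because that traffic stays on the machine.
LOCAL_RE = re.compile(r"^http://(localhost|127\.0\.0\.1|\[::1\])([:/]|$)", re.I)


def find_insecure_urls(build_script):
    """Return (line_number, url) for each quoted cleartext-HTTP URL in live code.

    Limitation: URLs assembled from variables or string interpolation are
    not detected, and Groovy triple-quoted strings are not parsed.
    """
    findings = []
    for m in TOKEN_RE.finditer(build_script):
        token = m.group(0)
        if token[0] not in "\"'":
            continue  # comment token: a commented-out repository is never resolved
        url = token[1:-1]
        if url.lower().startswith("http://") and not LOCAL_RE.match(url):
            lineno = build_script.count("\n", 0, m.start()) + 1
            findings.append((lineno, url))
    return findings


# Constructed sample build script (hypothetical hosts), not taken from Buildship.
SAMPLE = '''\
repositories {
    maven { url "http://repo.example.org/maven2" }   // cleartext fetch
    maven { url 'https://repo.example.org/releases' }
    // maven { url "http://old.example.org/repo" }
    maven { url "http://localhost:8081/cache" }
    /* ivy {
         url "http://legacy.example.org/ivy" } */
    ivy { url 'HTTP://mirror.example.org/ivy' }
}
'''

if __name__ == "__main__":
    for lineno, url in find_insecure_urls(SAMPLE):
        print(f"line {lineno}: dependency source uses cleartext HTTP: {url}")
```

Run in CI over every build script in the repository, a non-empty result is a reason to fail the build before any dependency is fetched.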
Does any of the project leads agree on assigning a CVE?
(In reply to Jens Reimann from comment #1)
> Does any of the project leads agree on assigning a CVE?

Donat has been working as a delegate for the project leads on a number of different matters. I'm content that Donat represents their interests. I've assigned CVE-2019-11770.
I've created a pull request. https://github.com/CVEProject/cvelist/pull/2162