CVE-2019-10248
22.04.2019, 21:29
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.Enginsight
| Vendor | Product | Version |
|---|---|---|
| eclipse | vorto | 𝑥 < 0.11 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-494 - Download of Code Without Integrity CheckThe product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
- CWE-669 - Incorrect Resource Transfer Between SpheresThe product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.