CVE-2019-10248

CVE-2019-10248

Vendor The Eclipse Foundation
Product Eclipse Vorto
Weakness CWE-829 · Inclusion from untrusted sphere
Published April 22, 2019
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.

Key dates

02Disclosure timeline

April 22, 2019 CVE published
August 4, 2024 Record updated