CVE-2019-10248: Incorrect Resource Transfer Between Spheres

April 22, 2019 (updated October 9, 2019)

Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.

References

bugs.eclipse.org/bugs/show_bug.cgi?id=546622
nvd.nist.gov/vuln/detail/CVE-2019-10248

Code Behaviors & Features

Detect and mitigate CVE-2019-10248 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →