CVE-2019-10249: Inclusion of Functionality from Untrusted Control Sphere

May 6, 2019 (updated November 5, 2019)

Xtext & Xtend were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.

References

bugs.eclipse.org/bugs/show_bug.cgi?id=546996
github.com/eclipse/xtext-xtend/issues/759
nvd.nist.gov/vuln/detail/CVE-2019-10249

Code Behaviors & Features

Detect and mitigate CVE-2019-10249 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →