Linux Distros Unpatched Vulnerability : CVE-2019-10753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse- cdt, and all versions prior to version 3.0.1 for...

Incorrect Resource Transfer Between Spheres in eclipse-wtp

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a maliciou...

Man-in-the-Middle (MitM)

spotless-eclipse-groovy, spotless-eclipse-cdt and spotless-eclipse-wtp is vulnerable to man-in-the-middle MitM. The build files in the project resolve dependencies over an insecure HTTP channel. A remote attacker could potentially modify and include malicious code in the build artifacts. Should t...

Design/Logic Flaw

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a maliciou...

CVE-2019-10753

CVE-2019-10753 details a vulnerability in Spotless where dependencies were resolved over HTTP in affected Eclipse tooling: eclipse-wtp <3.9.6, eclipse-cdt <9.4.4, and eclipse-groovy

Unsafe Dependency Resolution

Overview com.diffplug.gradle.spotless:spotless-eclipse-groovy is a code formatting library. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a malicious...