11 matches found
EUVD-2022-3767
Malicious code in bioql PyPI...
CVE-2019-10248
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...
org.eclipse.vorto.utilities:dsl-reader (>=0.10.0 <=0.10.1), org.eclipse.vorto:boschiotsuite-cloud (>=0.10.0 <=0.10.1) +25 more potentially affected by CVE-2019-10248 via org.eclipse.vorto:org.eclipse.vorto.core (>=0.10.0 <=0.10.1)
org.eclipse.vorto:org.eclipse.vorto.core MAVEN version =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0.M2, =0.10.0.M3 and more Source cves: CVE-2019-10248 Source advisory: OSV:GHSA-FG2Q-V428-2GPH...
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...
GHSA-FG2Q-V428-2GPH Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...
Man-in-the-Middle (MitM)
Eclipse Vorto is vulnerable to man-in-the-middle (MitM) attacks. The attack exists because it does not use an encrypted HTTP channel to download its Eclipse dependencies, allowing a remote attacker to intercept the HTTP traffic during the installation of dependencies...
Design/Logic Flaw
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...
CVE-2019-10248
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...
CVE-2019-10248
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...
CVE-2019-10248
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...
CVE-2019-10248
CVE-2019-10248 affects Eclipse Vorto prior to 0.11. Maven build artifacts for the Xtext project were resolved over HTTP rather than HTTPS, enabling potential MITM tampering of dependency artifacts. This could allow infected build artifacts to be produced. The issue is tied to the build/download c...