5 matches found
Astra Linux – Vulnerability in Maven
Apache Maven will no longer follow repositories that are defined in a dependency’s Project Object Model (POM). This may be surprising to some users, and could lead to potential risks if a malicious actor takes control of that repository or manages to impersonate that repository. Maven has changed t...
CVE-2021-41033
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by...
CVE-2021-41033
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by...
GHSA-2F88-5HG8-9X2X Origin Validation Error in Apache Maven
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (POM), which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository...
Apache Maven -- multiple vulnerabilities
The Apache Maven project reports: We received a report from Jonathan Leitschuh about a vulnerability of custom repositories in dependency POMs. We've split this up into three separate issues: Possible Man-In-The-Middle-Attack due to custom repositories using HTTP. More and more repositories use...