CVE-2021-41034
The CVE concerns Eclipse Che v6: builds of language stacks (Java 8 on Alpine/CentOS, Android, and PHP) pull binaries from an unsecured HTTP endpoint, enabling MITM substitution during the build process. The vulnerability affects the build-time retrieval of binaries, not runtime execution. Root ca...