spotless-eclipse-groovy, spotless-eclipse-cdt and spotless-eclipse-wtp is vulnerable to man-in-the-middle (MitM). The build files in the project resolve dependencies over an insecure HTTP channel. A remote attacker could potentially modify and include malicious code in the build artifacts. Should the JAR
files be compromised, the attacker will be able to execute arbitrary code on the developers’ systems.