Search criteria
2 vulnerabilities found for xtext by eclipse
CVE-2019-10249 (GCVE-0-2019-10249)
Vulnerability from nvd – Published: 2019-05-06 16:12 – Updated: 2024-08-04 22:17
VLAI
Summary
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996 | x_refsource_CONFIRM |
| https://github.com/eclipse/xtext-xtend/issues/759 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Eclipse Foundation | Eclipse Xtext |
Affected:
unspecified , < 2.18.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:19.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eclipse/xtext-xtend/issues/759"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eclipse Xtext",
"vendor": "The Eclipse Foundation",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All Xtext \u0026 Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494: Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-06T16:12:09.000Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eclipse/xtext-xtend/issues/759"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2019-10249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Xtext",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.18.0"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Xtext \u0026 Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-494: Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996"
},
{
"name": "https://github.com/eclipse/xtext-xtend/issues/759",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/xtext-xtend/issues/759"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2019-10249",
"datePublished": "2019-05-06T16:12:09.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:19.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10249 (GCVE-0-2019-10249)
Vulnerability from cvelistv5 – Published: 2019-05-06 16:12 – Updated: 2024-08-04 22:17
VLAI
Summary
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996 | x_refsource_CONFIRM |
| https://github.com/eclipse/xtext-xtend/issues/759 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Eclipse Foundation | Eclipse Xtext |
Affected:
unspecified , < 2.18.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:19.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eclipse/xtext-xtend/issues/759"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eclipse Xtext",
"vendor": "The Eclipse Foundation",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All Xtext \u0026 Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494: Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-06T16:12:09.000Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eclipse/xtext-xtend/issues/759"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2019-10249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Xtext",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.18.0"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Xtext \u0026 Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-494: Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996"
},
{
"name": "https://github.com/eclipse/xtext-xtend/issues/759",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/xtext-xtend/issues/759"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2019-10249",
"datePublished": "2019-05-06T16:12:09.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:19.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}