Description
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546622
Related Vulnerabilities
CVE-2019-17495 Vulnerability in maven package org.webjars.npm:swagger-ui
CVE-2017-16036 Vulnerability in npm package badjs-sourcemap-server
CVE-2020-6541 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-8237 Vulnerability in maven package org.webjars.npm:json-bigint
CVE-2020-26274 Vulnerability in npm package systeminformation