Description
All Xtext and Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS for file transfer. Because HTTP provides no integrity protection for files in transit, the built artifacts may have been compromised.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996
https://github.com/eclipse/xtext-xtend/issues/759
Related Vulnerabilities
CVE-2020-8897 Vulnerability in maven package com.amazonaws:aws-encryption-sdk-java
CVE-2021-37701 Vulnerability in npm package tar
CVE-2017-2654 Vulnerability in maven package org.jenkins-ci.plugins:email-ext
CVE-2021-31407 Vulnerability in maven package com.vaadin:flow-server
CVE-2023-34455 Vulnerability in maven package org.xerial.snappy:snappy-java