Description
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS for file transfer, so the built artifacts may have been compromised.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996
https://github.com/eclipse/xtext-xtend/issues/759