Description
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996
https://github.com/eclipse/xtext-xtend/issues/759