Description
All Xtext and Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS for file transfer, so the built artifacts may have been compromised.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996
https://github.com/eclipse/xtext-xtend/issues/759