Description
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
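A build-side check for the condition described above, as an added example that is not part of the advisory or the Eclipse project's code: it flags repository URLs that use plain `http://` in a Maven POM or a Gradle script. The advisory does not name the build tool, so both file formats, the sample inputs and all function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (assumed formats; not taken from the Xtext/Xtend build).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <repositories>
    <repository><id>mirror</id><url>http://repo.example.test/maven2</url></repository>
    <repository><id>secure</id><url>https://repo.example.test/releases</url></repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository><id>plugins</id><url>HTTP://plugins.example.test/</url></pluginRepository>
  </pluginRepositories>
</project>"""

SAMPLE_GRADLE = '''repositories {
    maven { url "http://repo.example.test/snapshots" }
    maven { url = uri("https://repo.example.test/releases") }
    // maven { url "http://old.example.test/" }
}'''

REPO_TAGS = {"repository", "pluginRepository", "snapshotRepository"}
GRADLE_URL = re.compile(
    r"""\burl\b\s*[=(]?\s*(?:uri\s*\(\s*)?["'](http://[^"']+)["']""", re.I)

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element tags."""
    return tag.rsplit("}", 1)[-1]

def insecure_pom_repos(pom_text):
    """Return (id, url) for each POM repository entry fetched over plain HTTP."""
    findings = []
    for elem in ET.fromstring(pom_text).iter():
        if local(elem.tag) in REPO_TAGS:
            fields = {local(c.tag): (c.text or "").strip() for c in elem}
            if fields.get("url", "").lower().startswith("http://"):
                findings.append((fields.get("id", "?"), fields["url"]))
    return findings

def insecure_gradle_repos(script_text):
    """Return (line_number, url) for http:// repository URLs in a Gradle script."""
    findings = []
    for number, line in enumerate(script_text.splitlines(), 1):
        if line.lstrip().startswith("//"):
            continue  # skip whole-line comments
        findings += [(number, m.group(1)) for m in GRADLE_URL.finditer(line)]
    return findings
```

Parsing the POM instead of searching it for `http://` keeps the `xmlns` namespace identifier, which is never fetched, out of the findings.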
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996
https://github.com/eclipse/xtext-xtend/issues/759