Description
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996
https://github.com/eclipse/xtext-xtend/issues/759
Related Vulnerabilities
CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap
CVE-2014-3656 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2023-2968 Vulnerability in npm package proxy
CVE-2021-39147 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2021-43859 Vulnerability in maven package com.thoughtworks.xstream:xstream