CVE-2019-10249
First published: Mon May 06 2019(Updated: )
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
Credit: emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse Xtend | <2.18.0 | |
| Eclipse Xtext | <2.18.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-10249?
CVE-2019-10249 has a medium severity rating due to the potential for compromise of built artifacts.
How do I fix CVE-2019-10249?
To fix CVE-2019-10249, upgrade to Xtext or Xtend version 2.18.0 or later.
What versions are affected by CVE-2019-10249?
CVE-2019-10249 affects all Xtext and Xtend versions prior to 2.18.0.
What is the impact of CVE-2019-10249?
The impact of CVE-2019-10249 is that built artifacts may have been subject to compromise during transfer.
Who is affected by CVE-2019-10249?
Developers and organizations using Xtext or Xtend versions prior to 2.18.0 are affected by CVE-2019-10249.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- vendor/eclipse
- canonical/eclipse xtend
- canonical/eclipse xtext