Eclipse · Eclipse Equinox · CVE-2021-41033
**Name of the Vulnerable Software and Affected Versions**
Eclipse Equinox versions prior to 4.21
**Description**
When p2 repositories are accessed over HTTP, the issue allows a man-in-the-middle attacker to serve incorrect p2 metadata and alter the local installation, potentially leading to the installation of malicious plug-ins that can run malicious code.
**Recommendations**
For Eclipse Equinox versions prior to 4.21, consider switching to HTTPS p2 repositories to mitigate the risk of man-in-the-middle attacks. As a temporary workaround, restrict access to HTTP p2 repositories until a secure connection method is implemented.