PT-2019-12027

Published: 2019-09-05 · Updated: 2019-09-11 · CVE-2019-10753

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Spotless eclipse-wtp, versions prior to 3.9.6
Spotless eclipse-cdt, versions prior to 9.4.4
Spotless eclipse-groovy, versions prior to 3.0.1
Description
Spotless resolves dependencies over an insecure channel (plain http). An attacker positioned on the network path between the build machine and the repository can therefore perform a man-in-the-middle attack during the build and substitute the artifacts being downloaded, altering the build output. If any such artifact was tampered with, every developer who builds with it is affected. The attack requires a privileged network position, so the probability of exploitation is considered low (the CVSS vector rates the impact as integrity-only, with high attack complexity), but unless the maintainer validates the artifacts it cannot be guaranteed that they were not altered.
Recommendations
For eclipse-wtp versions prior to 3.9.6, update to version 3.9.6 or later.
For eclipse-cdt versions prior to 9.4.4, update to version 9.4.4 or later.
For eclipse-groovy versions prior to 3.0.1, update to version 3.0.1 or later.
As a temporary workaround, ensure that every repository the build resolves from is reached over a secure connection (https rather than http), and validate downloaded artifacts against checksums obtained out of band, since an http download alone gives no evidence that the bytes were not altered in transit.
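The advisory's point is that dependency resolution over plain http hands an on-path attacker control of the build's inputs, and its workaround is to resolve only over a secure connection. The script below is an added example, not code from the advisory or from the Spotless project. It scans constructed Gradle and Maven build fragments for repository URLs resolved over http, rewrites them to https, and checks a downloaded artifact against a digest pinned out of band, which is the "validation" the description refers to. The sample build files, the hostnames in them, and the `Finding` type are assumptions made for this example.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List

# Constructed sample inputs (not taken from the advisory): a Gradle build script
# and a Maven POM fragment, each declaring one repository over plain http.
SAMPLE_GRADLE = """
plugins {
    id 'com.diffplug.gradle.spotless' version '3.24.0'
}
repositories {
    mavenCentral()
    maven { url "http://repo.example-internal.test/maven2" }
    maven { url 'https://plugins.gradle.org/m2/' }
}
"""

SAMPLE_POM = """<project>
  <repositories>
    <repository>
      <id>mirror</id>
      <url>http://mirror.example.test/maven2</url>
    </repository>
    <repository>
      <id>central</id>
      <url>https://repo1.maven.org/maven2</url>
    </repository>
  </repositories>
</project>
"""


@dataclass(frozen=True)
class Finding:
    line: int       # 1-based line number in the build file
    url: str        # the plain-http URL as written
    fixed_url: str  # the same URL with the scheme upgraded to https


# A repository URL appears either as a quoted Gradle string or inside a Maven
# <url> element. Only the plain "http://" scheme matches; "https://" does not.
_URL_RE = re.compile(r"""(?:['"]|<url>)\s*(?P<url>http://[^\s'"<]+)""")
_SCHEME_RE = re.compile(r"""(?<=['"<>])http://""")


def find_insecure_repositories(text: str) -> List[Finding]:
    """Return every repository URL resolved over plain http, with its https rewrite."""
    findings: List[Finding] = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in _URL_RE.finditer(line):
            url = match.group("url")
            findings.append(Finding(number, url, "https://" + url[len("http://"):]))
    return findings


def rewrite_insecure_repositories(text: str) -> str:
    """Upgrade http:// repository URLs to https://.

    Only safe where the repository host actually serves TLS; otherwise the
    build fails loudly, which is still better than silently trusting the network.
    """
    return _SCHEME_RE.sub("https://", text)


def artifact_matches(data: bytes, expected_sha256_hex: str) -> bool:
    """Check a downloaded artifact against a SHA-256 digest obtained out of band.

    With only an http download, a pinned digest is the sole evidence that the
    bytes were not altered in transit.
    """
    return hashlib.sha256(data).hexdigest() == expected_sha256_hex.lower()


if __name__ == "__main__":
    for name, text in (("build.gradle", SAMPLE_GRADLE), ("pom.xml", SAMPLE_POM)):
        for finding in find_insecure_repositories(text):
            print(f"{name}:{finding.line}: insecure repository {finding.url}"
                  f" -> use {finding.fixed_url}")
```

Run it over real build files by swapping the constructed samples for their contents. Upgrading the scheme only helps when the host serves TLS, and it only covers repositories declared in your own build: where the insecure URL is hard-coded inside a plugin, as in the affected Spotless modules, the fix is the version update above. Gradle 7 and later refuse plain-http repositories unless `allowInsecureProtocol` is set, so a current Gradle catches the configuration case at its own level; treat that flag as a finding in review.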
Related Identifiers

CVE-2019-10753
GHSA-GVXV-5FP2-358Q
SNYK-JAVA-COMDIFFPLUGSPOTLESS-460377

Affected Products

Spotless
Eclipse-Cdt
Eclipse-Groovy
Eclipse-Wtp