{"id":"CVE-2019-10249","details":"All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.","aliases":["GHSA-rfj2-4g26-7jw5"],"modified":"2026-04-10T04:14:16.862039Z","published":"2019-05-06T16:29:00.240Z","references":[{"type":"REPORT","url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546996"},{"type":"REPORT","url":"https://github.com/eclipse/xtext-xtend/issues/759"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse-archived/xtext-xtend","events":[{"introduced":"0"},{"fixed":"b418c4899d50538be2241a3ff317cf3f24217dd8"},{"introduced":"0"},{"fixed":"b418c4899d50538be2241a3ff317cf3f24217dd8"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.18.0"},{"introduced":"0"},{"fixed":"2.18.0"}]}}],"versions":["v2.10.0","v2.4.0","v2.4.1","v2.4.2","v2.4.3","v2.5.0","v2.5.1","v2.5.2","v2.5.3","v2.5.4","v2.6.0","v2.6.1","v2.6.2","v2.7.0","v2.7.1","v2.7.2","v2.7.3","v2.8.0","v2.8.1","v2.8.2","v2.8.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10249.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}