{"id":"CVE-2019-10753","details":"In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel (http). If the build occurred over an insecure connection, a malicious user could have perform a Man-in-the-Middle attack during the build and alter the build artifacts that were produced. In case that any of these artifacts were compromised, any developers using these could be altered. **Note:** In order to validate that this artifact was not compromised, the maintainer would need to confirm that none of the artifacts published to the registry were not altered with. Until this happens, we can not guarantee that this artifact was not compromised even though the probability that this happened is low.","aliases":["GHSA-gvxv-5fp2-358q"],"modified":"2026-04-10T04:14:30.380825Z","published":"2019-09-05T20:15:11.350Z","related":["SNYK-JAVA-COMDIFFPLUGSPOTLESS-460377"],"references":[{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-JAVA-COMDIFFPLUGSPOTLESS-460377"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/diffplug/spotless","events":[{"introduced":"0"},{"fixed":"a67fcf3a9df061774a3a646e44ffbae55ead64e5"},{"introduced":"0"},{"fixed":"3dad81e9517150d13119ba30be24ca3c487e7124"},{"introduced":"0"},{"fixed":"bded29e63501d13d051fee8fe52a90c47fdce354"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"9.4.4"},{"introduced":"0"},{"fixed":"3.0.1"},{"introduced":"0"},{"fixed":"3.9.6"}]}}],"versions":["ext-eclipse-base/3.0.0","ext-eclipse-base/3.1.0","ext-eclipse-base/3.4.0","ext-eclipse-base/3.4.1","ext-eclipse-base/3.4.2","ext-eclipse-base/3.5.0","ext-eclipse-base/3.5.1","ext-eclipse-base/3.5.2","ext-eclipse-cdt/10.0.0","ext-eclipse-cdt/10.1.0","ext-eclipse-cdt/10.2.0","ext-eclipse-cdt/10.3.0","ext-eclipse-cdt/10.4.0","ext-eclipse-cdt/10.5.0","ext-eclipse-cdt/9.10.0","ext-eclipse-cdt/9.11.0","ext-eclipse-cdt/9.4.3","ext-eclipse-cdt/9.4.4","ext-eclipse-groovy/2.9.2","ext-eclipse-groovy/3.0.0","ext-eclipse-groovy/3.6.0","ext-eclipse-groovy/3.7.0","ext-eclipse-groovy/3.8.0","ext-eclipse-groovy/3.8.1","ext-eclipse-groovy/3.9.0","ext-eclipse-groovy/4.0.0","ext-eclipse-groovy/4.1.0","ext-eclipse-groovy/4.2.0","ext-eclipse-groovy/4.3.0","ext-eclipse-jdt/4.6.3","ext-eclipse-jdt/4.7.2","ext-eclipse-jdt/4.8.0","ext-eclipse-jdt/4.8.1","ext-eclipse-wtp/3.15.3","ext-eclipse-wtp/3.16.0","ext-eclipse-wtp/3.17.0","ext-eclipse-wtp/3.18.0","ext-eclipse-wtp/3.18.1","ext-eclipse-wtp/3.19.0","ext-eclipse-wtp/3.20.0","ext-eclipse-wtp/3.21.0","ext-eclipse-wtp/3.22.0","ext-eclipse-wtp/3.23.0","ext-eclipse-wtp/3.9.5","ext-eclipse-wtp/3.9.6","ext-eclipse-wtp/3.9.8","gradle/3.0.0","gradle/3.1.0","gradle/3.10.0","gradle/3.12.0","gradle/3.13.0","gradle/3.14.0","gradle/3.15.0","gradle/3.16.0","gradle/3.17.0","gradle/3.18.0","gradle/3.19.0","gradle/3.2.0","gradle/3.20.0","gradle/3.21.0","gradle/3.21.1","gradle/3.22.0","gradle/3.23.0","gradle/3.23.1","gradle/3.24.0","gradle/3.24.1","gradle/3.24.2","gradle/3.24.3","gradle/3.25.0","gradle/3.26.0","gradle/3.26.1","gradle/3.27.0","gradle/3.27.1","gradle/3.27.2","gradle/3.28.0","gradle/3.28.1","gradle/3.29.0","gradle/3.3.0","gradle/3.3.2","gradle/3.30.0","gradle/3.4.0","gradle/3.4.1","gradle/3.5.0","gradle/3.5.1","gradle/3.5.2","gradle/3.6.0","gradle/3.7.0","gradle/3.8.0","gradle/3.9.0","gradle/4.0.0","gradle/4.0.1","gradle/4.1.0","gradle/4.2.0","gradle/4.2.1","gradle/4.3.0","gradle/4.3.1","gradle/4.4.0","gradle/4.5.0","gradle/4.5.1","gradle/5.0.0","gradle/5.1.0","gradle/5.1.1","gradle/5.1.2","gradle/5.10.0","gradle/5.10.1","gradle/5.10.2","gradle/5.11.0","gradle/5.11.1","gradle/5.12.0","gradle/5.12.1","gradle/5.12.2","gradle/5.12.3","gradle/5.12.4","gradle/5.12.5","gradle/5.13.0","gradle/5.14.0","gradle/5.14.1","gradle/5.14.2","gradle/5.14.3","gradle/5.15.0","gradle/5.15.1","gradle/5.15.2","gradle/5.16.0","gradle/5.17.0","gradle/5.17.1","gradle/5.2.0","gradle/5.3.0","gradle/5.4.0","gradle/5.5.0","gradle/5.5.1","gradle/5.5.2","gradle/5.6.0","gradle/5.6.1","gradle/5.7.0","gradle/5.8.0","gradle/5.8.1","gradle/5.8.2","gradle/5.9.0","gradle/6.0.0","gradle/6.0.1","gradle/6.0.2","gradle/6.0.3","gradle/6.0.4","gradle/6.0.5","gradle/6.1.0","gradle/6.1.1","gradle/6.1.2","gradle/6.10.0","gradle/6.11.0","gradle/6.12.0","gradle/6.12.1","gradle/6.14.0","gradle/6.14.1","gradle/6.15.0","gradle/6.16.0","gradle/6.17.0","gradle/6.18.0","gradle/6.19.0","gradle/6.2.0","gradle/6.2.1","gradle/6.2.2","gradle/6.20.0","gradle/6.22.0","gradle/6.23.0","gradle/6.23.1","gradle/6.23.3","gradle/6.24.0","gradle/6.25.0","gradle/6.3.0","gradle/6.4.0","gradle/6.4.1","gradle/6.4.2","gradle/6.5.0","gradle/6.5.1","gradle/6.5.2","gradle/6.6.0","gradle/6.6.1","gradle/6.7.0","gradle/6.7.1","gradle/6.7.2","gradle/6.8.0","gradle/6.9.0","gradle/6.9.1","gradle/7.0.0","gradle/7.0.0.BETA1","gradle/7.0.0.BETA2","gradle/7.0.0.BETA3","lib/1.0.0","lib/1.1.0","lib/1.10.0","lib/1.11.0","lib/1.12.0","lib/1.13.0","lib/1.14.0","lib/1.15.0","lib/1.16.0","lib/1.17.0","lib/1.18.0","lib/1.19.0","lib/1.2.0","lib/1.20.0","lib/1.21.1","lib/1.22.0","lib/1.23.0","lib/1.23.1","lib/1.24.0","lib/1.24.1","lib/1.24.3","lib/1.25.0","lib/1.26.0","lib/1.26.1","lib/1.27.0","lib/1.28.0","lib/1.28.1","lib/1.29.0","lib/1.3.0","lib/1.3.2","lib/1.30.0","lib/1.30.1","lib/1.31.0","lib/1.32.0","lib/1.33.0","lib/1.33.1","lib/1.34.0","lib/1.34.1","lib/1.4.0","lib/1.4.1","lib/1.5.0","lib/1.5.1","lib/1.6.0","lib/1.7.0","lib/1.8.0","lib/1.9.0","lib/2.0.0","lib/2.1.0","lib/2.10.0","lib/2.10.1","lib/2.10.2","lib/2.11.0","lib/2.12.0","lib/2.12.1","lib/2.13.0","lib/2.13.1","lib/2.13.2","lib/2.13.3","lib/2.13.4","lib/2.13.5","lib/2.14.0","lib/2.15.0","lib/2.15.1","lib/2.15.2","lib/2.15.3","lib/2.16.0","lib/2.16.1","lib/2.17.0","lib/2.18.0","lib/2.19.0","lib/2.19.1","lib/2.19.2","lib/2.2.0","lib/2.2.1","lib/2.2.2","lib/2.20.0","lib/2.20.1","lib/2.20.2","lib/2.20.3","lib/2.21.0","lib/2.21.1","lib/2.21.2","lib/2.22.0","lib/2.22.1","lib/2.22.2","lib/2.23.0","lib/2.24.0","lib/2.24.1","lib/2.24.2","lib/2.25.0","lib/2.25.1","lib/2.25.2","lib/2.25.3","lib/2.26.0","lib/2.26.1","lib/2.26.2","lib/2.27.0","lib/2.28.0","lib/2.28.1","lib/2.29.0","lib/2.3.0","lib/2.30.0","lib/2.31.0","lib/2.31.1","lib/2.34.0","lib/2.34.1","lib/2.35.0","lib/2.36.0","lib/2.37.0","lib/2.38.0","lib/2.39.0","lib/2.4.0","lib/2.40.0","lib/2.42.0","lib/2.43.0","lib/2.43.1","lib/2.44.0","lib/2.45.0","lib/2.5.0","lib/2.6.0","lib/2.6.1","lib/2.6.2","lib/2.7.0","lib/2.8.0","lib/2.9.0","lib/3.0.0","lib/3.0.0.BETA1","lib/3.0.0.BETA2","lib/3.0.0.BETA3","lib/3.21.0","maven/1.0.0.BETA1","maven/1.0.0.BETA2","maven/1.0.0.BETA3","maven/1.0.0.BETA4","maven/1.0.0.BETA5","maven/1.13.0","maven/1.14.0","maven/1.15.0","maven/1.16.0","maven/1.17.0","maven/1.18.0","maven/1.19.0","maven/1.20.0","maven/1.21.0","maven/1.21.1","maven/1.22.0","maven/1.23.0","maven/1.23.1","maven/1.24.0","maven/1.24.1","maven/1.24.3","maven/1.25.0","maven/1.25.1","maven/1.26.0","maven/1.26.1","maven/1.27.0","maven/1.28.0","maven/1.29.0","maven/1.30.0","maven/1.31.0","maven/1.31.1","maven/1.31.2","maven/1.31.3","maven/2.0.0","maven/2.0.1","maven/2.0.2","maven/2.0.3","maven/2.1.0","maven/2.10.0","maven/2.10.1","maven/2.10.2","maven/2.10.3","maven/2.11.0","maven/2.11.1","maven/2.12.0","maven/2.12.1","maven/2.12.2","maven/2.12.3","maven/2.13.0","maven/2.13.1","maven/2.14.0","maven/2.15.0","maven/2.16.0","maven/2.17.0","maven/2.17.1","maven/2.17.2","maven/2.17.3","maven/2.17.4","maven/2.17.5","maven/2.17.6","maven/2.17.7","maven/2.18.0","maven/2.19.0","maven/2.19.1","maven/2.19.2","maven/2.2.0","maven/2.20.0","maven/2.20.1","maven/2.20.2","maven/2.21.0","maven/2.22.0","maven/2.22.1","maven/2.22.2","maven/2.22.3","maven/2.22.4","maven/2.22.5","maven/2.22.6","maven/2.22.7","maven/2.22.8","maven/2.23.0","maven/2.24.0","maven/2.24.1","maven/2.25.0","maven/2.26.0","maven/2.27.0","maven/2.27.1","maven/2.27.2","maven/2.28.0","maven/2.29.0","maven/2.3.0","maven/2.3.1","maven/2.31.0","maven/2.32.0","maven/2.33.0","maven/2.34.0","maven/2.35.0","maven/2.36.0","maven/2.37.0","maven/2.38.0","maven/2.4.0","maven/2.4.1","maven/2.4.2","maven/2.40.0","maven/2.41.0","maven/2.41.1","maven/2.42.0","maven/2.43.0","maven/2.44.0","maven/2.44.0.BETA1","maven/2.44.0.BETA2","maven/2.44.0.BETA3","maven/2.5.0","maven/2.6.0","maven/2.6.1","maven/2.7.0","maven/2.8.0","maven/2.8.1","maven/2.9.0","plugin-gradle/6.13.0","plugin-maven/2.30.0","v1.0","v1.1","v1.2.0","v1.3.0","v1.3.1","v1.3.2","v1.3.3","v2.0.0","v2.1.0","v2.2.0","v2.3.0","v2.4.0","v2.4.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10753.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}