{"id":"CVE-2021-41034","details":"The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.","modified":"2026-03-14T11:11:08.735042Z","published":"2021-09-29T22:15:07.367Z","references":[{"type":"ADVISORY","url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=540989"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse/che","events":[{"introduced":"26f6766390f6ff7481ce296cafc8d07d638160b4"},{"fixed":"bc4c55a2926bfe74598a838202d9de4b7c830485"}],"database_specific":{"versions":[{"introduced":"6.0.0"},{"fixed":"7.0.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41034.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}