{"id":"UBUNTU-CVE-2019-10753","details":"In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel (http). If the build occurred over an insecure connection, a malicious user could have perform a Man-in-the-Middle attack during the build and alter the build artifacts that were produced. In case that any of these artifacts were compromised, any developers using these could be altered. **Note:** In order to validate that this artifact was not compromised, the maintainer would need to confirm that none of the artifacts published to the registry were not altered with. Until this happens, we can not guarantee that this artifact was not compromised even though the probability that this happened is low.","modified":"2026-01-20T16:46:03.785546Z","published":"2019-09-05T20:15:00Z","upstream":["CVE-2019-10753"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-10753"},{"type":"REPORT","url":"https://snyk.io/vuln/SNYK-JAVA-COMDIFFPLUGSPOTLESS-460377"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-10753"}],"affected":[{"package":{"name":"eclipse-wtp","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/eclipse-wtp@3.6.3-1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.6.3-1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.6.3-1","binary_name":"eclipse-wtp"},{"binary_version":"3.6.3-1","binary_name":"eclipse-wtp-servertools"},{"binary_version":"3.6.3-1","binary_name":"eclipse-wtp-webtools"},{"binary_version":"3.6.3-1","binary_name":"eclipse-wtp-ws"},{"binary_version":"3.6.3-1","binary_name":"eclipse-wtp-xmltools"},{"binary_version":"3.6.3-1","binary_name":"eclipse-wtp-xsl"},{"binary_version":"3.6.3-1","binary_name":"w3c-xsd-xslt"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10753.json"}},{"package":{"name":"eclipse-wtp","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/eclipse-wtp@3.6.3-3?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.6.3-3"],"ecosystem_specific":{"binaries":[{"binary_version":"3.6.3-3","binary_name":"eclipse-wtp"},{"binary_version":"3.6.3-3","binary_name":"eclipse-wtp-servertools"},{"binary_version":"3.6.3-3","binary_name":"eclipse-wtp-webtools"},{"binary_version":"3.6.3-3","binary_name":"eclipse-wtp-ws"},{"binary_version":"3.6.3-3","binary_name":"eclipse-wtp-xmltools"},{"binary_version":"3.6.3-3","binary_name":"eclipse-wtp-xsl"},{"binary_version":"3.6.3-3","binary_name":"w3c-xsd-xslt"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10753.json"}},{"package":{"name":"eclipse-wtp","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/eclipse-wtp@3.18-5?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.18-5"],"ecosystem_specific":{"binaries":[{"binary_version":"2.1.201+eclipse3.18-5","binary_name":"libeclipse-jem-util-java"},{"binary_version":"1.3.0+eclipse3.18-5","binary_name":"libeclipse-wst-common-core-java"},{"binary_version":"1.2.600+eclipse3.18-5","binary_name":"libeclipse-wst-common-emf-java"},{"binary_version":"1.2.101+eclipse3.18-5","binary_name":"libeclipse-wst-common-emfworkbench-integration-java"},{"binary_version":"1.0.400+eclipse3.18-5","binary_name":"libeclipse-wst-common-environment-java"},{"binary_version":"1.2.201+eclipse3.18-5","binary_name":"libeclipse-wst-common-frameworks-java"},{"binary_version":"1.2.400+eclipse3.18-5","binary_name":"libeclipse-wst-common-frameworks-ui-java"},{"binary_version":"1.4.400+eclipse3.18-5","binary_name":"libeclipse-wst-common-project-facet-core-java"},{"binary_version":"1.1.700+eclipse3.18-5","binary_name":"libeclipse-wst-common-ui-java"},{"binary_version":"1.2.300+eclipse3.18-5","binary_name":"libeclipse-wst-common-uriresolver-java"},{"binary_version":"1.2.400+eclipse3.18-5","binary_name":"libeclipse-wst-sse-core-java"},{"binary_version":"1.7.0+eclipse3.18-5","binary_name":"libeclipse-wst-sse-ui-java"},{"binary_version":"1.2.800+eclipse3.18-5","binary_name":"libeclipse-wst-validation-java"},{"binary_version":"1.2.600+eclipse3.18-5","binary_name":"libeclipse-wst-validation-ui-java"},{"binary_version":"1.2.200+eclipse3.18-5","binary_name":"libeclipse-wst-xml-core-java"},{"binary_version":"1.2.400+eclipse3.18-5","binary_name":"libeclipse-wst-xml-ui-java"},{"binary_version":"1.2.0+eclipse3.18-5","binary_name":"libeclipse-wst-xsd-core-java"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10753.json"}},{"package":{"name":"eclipse-wtp","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/eclipse-wtp@3.18-6?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.18-6"],"ecosystem_specific":{"binaries":[{"binary_version":"2.1.201+eclipse3.18-6","binary_name":"libeclipse-jem-util-java"},{"binary_version":"1.3.0+eclipse3.18-6","binary_name":"libeclipse-wst-common-core-java"},{"binary_version":"1.2.600+eclipse3.18-6","binary_name":"libeclipse-wst-common-emf-java"},{"binary_version":"1.2.101+eclipse3.18-6","binary_name":"libeclipse-wst-common-emfworkbench-integration-java"},{"binary_version":"1.0.400+eclipse3.18-6","binary_name":"libeclipse-wst-common-environment-java"},{"binary_version":"1.2.201+eclipse3.18-6","binary_name":"libeclipse-wst-common-frameworks-java"},{"binary_version":"1.2.400+eclipse3.18-6","binary_name":"libeclipse-wst-common-frameworks-ui-java"},{"binary_version":"1.4.400+eclipse3.18-6","binary_name":"libeclipse-wst-common-project-facet-core-java"},{"binary_version":"1.1.700+eclipse3.18-6","binary_name":"libeclipse-wst-common-ui-java"},{"binary_version":"1.2.300+eclipse3.18-6","binary_name":"libeclipse-wst-common-uriresolver-java"},{"binary_version":"1.2.400+eclipse3.18-6","binary_name":"libeclipse-wst-sse-core-java"},{"binary_version":"1.7.0+eclipse3.18-6","binary_name":"libeclipse-wst-sse-ui-java"},{"binary_version":"1.2.800+eclipse3.18-6","binary_name":"libeclipse-wst-validation-java"},{"binary_version":"1.2.600+eclipse3.18-6","binary_name":"libeclipse-wst-validation-ui-java"},{"binary_version":"1.2.200+eclipse3.18-6","binary_name":"libeclipse-wst-xml-core-java"},{"binary_version":"1.2.400+eclipse3.18-6","binary_name":"libeclipse-wst-xml-ui-java"},{"binary_version":"1.2.0+eclipse3.18-6","binary_name":"libeclipse-wst-xsd-core-java"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10753.json"}},{"package":{"name":"eclipse-wtp","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/eclipse-wtp@3.35-1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.35-1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.2.100+eclipse3.35-1","binary_name":"libeclipse-jem-util-java"},{"binary_version":"1.4.100+eclipse3.35-1","binary_name":"libeclipse-wst-common-core-java"},{"binary_version":"1.2.700+eclipse3.35-1","binary_name":"libeclipse-wst-common-emf-java"},{"binary_version":"1.3.0+eclipse3.35-1","binary_name":"libeclipse-wst-common-emfworkbench-integration-java"},{"binary_version":"1.1.0+eclipse3.35-1","binary_name":"libeclipse-wst-common-environment-java"},{"binary_version":"1.3.0+eclipse3.35-1","binary_name":"libeclipse-wst-common-frameworks-java"},{"binary_version":"1.3.0+eclipse3.35-1","binary_name":"libeclipse-wst-common-frameworks-ui-java"},{"binary_version":"1.5.0+eclipse3.35-1","binary_name":"libeclipse-wst-common-project-facet-core-java"},{"binary_version":"1.2.401+eclipse3.35-1","binary_name":"libeclipse-wst-common-ui-java"},{"binary_version":"1.4.0+eclipse3.35-1","binary_name":"libeclipse-wst-common-uriresolver-java"},{"binary_version":"1.2.1400+eclipse3.35-1","binary_name":"libeclipse-wst-sse-core-java"},{"binary_version":"1.7.1000+eclipse3.35-1","binary_name":"libeclipse-wst-sse-ui-java"},{"binary_version":"1.3.100+eclipse3.35-1","binary_name":"libeclipse-wst-validation-java"},{"binary_version":"1.3.100+eclipse3.35-1","binary_name":"libeclipse-wst-validation-ui-java"},{"binary_version":"1.2.900+eclipse3.35-1","binary_name":"libeclipse-wst-xml-core-java"},{"binary_version":"1.2.701+eclipse3.35-1","binary_name":"libeclipse-wst-xml-ui-java"},{"binary_version":"1.2.101+eclipse3.35-1","binary_name":"libeclipse-wst-xsd-core-java"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10753.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"low"}]}