In file: pom.xml, HTTP protocol was used to access a maven repository. The configuration is broken and HTTPS should be used here. This may have severe security consequences.
Suggested Fix
Even though this is a configuration issue rather than a code defect, a possible fix is suggested below,
Sponsorship and Support
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.
The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.
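As an added example (not part of this report and not the iCR tool's own logic), a small Python checker that parses a constructed pom.xml, flags every repository, pluginRepository or distributionManagement URL that still uses plain HTTP, and shows the HTTPS rewrite the fix amounts to; the repository URLs are hypothetical:

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

POM_NS = "http://maven.apache.org/POM/4.0.0"

# Constructed sample pom.xml (hypothetical URLs, not from the report): one
# repository fetched over plain HTTP, one plugin repository over HTTPS.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <repositories>
    <repository>
      <id>internal</id>
      <url>http://repo.example.internal/maven2</url>
    </repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository>
      <id>central-plugins</id>
      <url>https://repo.maven.apache.org/maven2</url>
    </pluginRepository>
  </pluginRepositories>
</project>
"""

# POM elements whose <url> child tells Maven where to download from or deploy to.
REPO_TAGS = {"repository", "pluginRepository", "snapshotRepository", "site"}

def _child_text(elem, name):
    """Text of a direct child, with or without the POM namespace declared."""
    node = elem.find(f"{{{POM_NS}}}{name}")
    if node is None:
        node = elem.find(name)
    return (node.text or "").strip() if node is not None else ""

def find_http_repositories(pom_xml):
    """Return (id, url) for every repository declared with a plain-http URL."""
    root = ET.fromstring(pom_xml)
    findings = []
    for elem in root.iter():
        if elem.tag.split("}", 1)[-1] in REPO_TAGS:
            url = _child_text(elem, "url")
            if urlsplit(url).scheme.lower() == "http":
                findings.append((_child_text(elem, "id"), url))
    return findings

def rewrite_to_https(url):
    """Suggested fix: same host and path, TLS transport (server must offer HTTPS)."""
    return urlsplit(url)._replace(scheme="https").geturl()
```

Unauthenticated HTTP lets an on-path party substitute artifacts, so the check should run in CI before any build consumes the POM.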