Description
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies.
Remediation
References
https://github.com/OpenAPITools/openapi-generator/issues/2253
https://github.com/OpenAPITools/openapi-generator/pull/2248
https://github.com/OpenAPITools/openapi-generator/pull/2697
Related Vulnerabilities
CVE-2020-36649 Vulnerability in maven package org.webjars.npm:papaparse
CVE-2019-10754 Vulnerability in maven package org.apereo.cas:cas-server-support-oauth-core-api
CVE-2021-21267 Vulnerability in npm package schema-inspector
CVE-2021-21165 Vulnerability in npm package electron
CVE-2021-23362 Vulnerability in maven package org.webjars.npm:hosted-git-info