Description
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies.
Remediation
References
https://github.com/OpenAPITools/openapi-generator/issues/2253
https://github.com/OpenAPITools/openapi-generator/pull/2248
https://github.com/OpenAPITools/openapi-generator/pull/2697
Related Vulnerabilities
CVE-2023-38992 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-common
CVE-2017-16131 Vulnerability in npm package unicorn-list
CVE-2021-37533 Vulnerability in maven package commons-net:commons-net
CVE-2022-2079 Vulnerability in npm package nocodb
CVE-2022-25931 Vulnerability in npm package easy-static-server