
Unresolved CVE in v 7.13.0

Open SB6310-Equans opened this issue 7 months ago • 3 comments

Hello,

We're using your library in one of our projects, and while resolving its vulnerabilities, it seems that the latest version available on the Maven repository does not resolve these CVEs:

[ERROR] swagger-parser-core-2.1.22.jar: CVE-2019-7238(9.8), CVE-2020-10204(7.2), CVE-2020-10199(8.8)
[ERROR] swagger-parser-safe-url-resolver-2.1.22.jar: CVE-2022-2900(9.1), CVE-2022-2216(9.8)

We're using owasp dependency check

<groupId>org.owasp</groupId> <artifactId>dependency-check-maven</artifactId>

Are those in your backlog at the moment?

Thank you.

SB6310-Equans avatar May 22 '25 10:05 SB6310-Equans
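As an added example (not code from the openapi-generator project or from the issue author), the pom.xml fragment below shows the two things a consuming project can do while waiting for the upstream fix: pin the transitive swagger-parser artifacts to a patched release via dependencyManagement, and make dependency-check fail the build at a CVSS threshold instead of only reporting. PLUGIN_VERSION and PATCHED_VERSION are placeholders to fill from Maven Central, and the 7.0 threshold and suppression file name are assumptions of this example.

```xml
<!-- Added example, not part of openapi-generator. PLUGIN_VERSION and
     PATCHED_VERSION are placeholders, not values from this issue. -->
<project>
  <dependencyManagement>
    <dependencies>
      <!-- dependencyManagement also governs transitive dependencies, so these
           entries replace the 2.1.22 artifacts pulled in by openapi-generator. -->
      <dependency>
        <groupId>io.swagger.parser.v3</groupId>
        <artifactId>swagger-parser-core</artifactId>
        <version>PATCHED_VERSION</version>
      </dependency>
      <dependency>
        <groupId>io.swagger.parser.v3</groupId>
        <artifactId>swagger-parser-safe-url-resolver</artifactId>
        <version>PATCHED_VERSION</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <build>
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>PLUGIN_VERSION</version>
        <configuration>
          <!-- Fail the build on any finding scored 7.0 or higher; every CVE
               listed in this issue (7.2 to 9.8) would trip this gate. -->
          <failBuildOnCVSS>7</failBuildOnCVSS>
          <!-- Reviewed, accepted findings are listed here rather than by
               lowering the threshold for the whole project (assumed file name). -->
          <suppressionFiles>
            <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
          </suppressionFiles>
        </configuration>
        <executions>
          <execution>
            <goals>
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
```

After the pin, `mvn dependency:tree` should show the patched swagger-parser version under openapi-generator, and `mvn verify` runs the check goal as part of the build.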

just filed https://github.com/OpenAPITools/openapi-generator/pull/21325 to update swagger parser to the latest version

wing328 avatar May 24 '25 03:05 wing328

Thank you for this.

We actually found another one, with a much lower criticality: [ERROR] threetenbp-1.7.0.jar: CVE-2024-23082(5.3)

SB6310-Equans avatar May 26 '25 17:05 SB6310-Equans