The vulnerability stems from the template files `build.gradle.mustache` and `build.sbt.mustache`, which hardcode HTTP URLs for Maven repositories. These templates are used to generate project scaffolding, so projects generated from them fetch dependencies over HTTP, which exposes users to MITM attacks. The provided PRs (#2248, #2697) fix this by replacing HTTP with HTTPS in these templates. The files mentioned in the CVE/GHSA descriptions and in issue #2253 map directly to these template paths, confirming their role in the vulnerability.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.openapitools:openapi-generator | maven | < 4.0.0-20190419.052012-560 | 4.0.0-20190419.052012-560 |
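
To check generated projects or the templates themselves for the pattern described above, the following added example (not code from openapi-generator or from the advisory) flags repository URLs declared over plain HTTP in Gradle and sbt build files. The function names, the regular expressions (which cover only the common declaration forms) and the sample file contents are assumptions constructed for illustration.

```python
import os
import re

# Gradle DSL forms: url "http://...", url = "http://...", url = uri("http://...")
GRADLE_REPO = re.compile(r'\burl\b\s*[=(]?\s*(?:uri\s*\(\s*)?["\'](http://[^"\']+)["\']', re.I)
# sbt resolver form: "name" at "http://..."
SBT_RESOLVER = re.compile(r'\bat\s+"(http://[^"]+)"', re.I)
BUILD_FILES = ("build.gradle", "build.gradle.mustache", "build.sbt", "build.sbt.mustache")


def find_insecure_repos(text, filename):
    """Return [(line_no, url)] for repository URLs declared over plain HTTP."""
    pattern = SBT_RESOLVER if ".sbt" in filename else GRADLE_REPO
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("//"):  # skip commented-out declarations
            continue
        findings.extend((line_no, m.group(1)) for m in pattern.finditer(line))
    return findings


def scan_tree(root):
    """Walk root; return {path: findings} for build files and templates with HTTP repos."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in BUILD_FILES:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_insecure_repos(fh.read(), name)
                if hits:
                    report[path] = hits
    return report


# Constructed sample inputs (not the project's actual template contents).
SAMPLE_GRADLE = """\
repositories {
    maven { url "http://repo.example.test/maven2" }
    // maven { url "http://old.example.test/" }
    maven { url = uri("https://repo.example.test/releases") }
}
"""
SAMPLE_SBT = 'resolvers += "Example" at "http://repo.example.test/snapshots"\n'

if __name__ == "__main__":
    print(find_insecure_repos(SAMPLE_GRADLE, "build.gradle.mustache"))
    print(find_insecure_repos(SAMPLE_SBT, "build.sbt.mustache"))
```

Running `scan_tree` over a generated project directory in CI and failing the build on a non-empty report catches projects scaffolded by a version earlier than the first patched one.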