Vulnerability Description
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openapi-Generator | Openapi Generator | < 4.0.0-20190419.052012-560 |
Related Weaknesses (CWE)
References
- https://github.com/OpenAPITools/openapi-generator/issues/2253ExploitThird Party Advisory
- https://github.com/OpenAPITools/openapi-generator/pull/2248Third Party Advisory
- https://github.com/OpenAPITools/openapi-generator/pull/2697Third Party Advisory
- https://github.com/OpenAPITools/openapi-generator/issues/2253ExploitThird Party Advisory
- https://github.com/OpenAPITools/openapi-generator/pull/2248Third Party Advisory
- https://github.com/OpenAPITools/openapi-generator/pull/2697Third Party Advisory
FAQ
What is CVE-2019-11405?
CVE-2019-11405 is a vulnerability with a CVSS score of 8.1 (HIGH). OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved depend...
How severe is CVE-2019-11405?
CVE-2019-11405 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11405?
Check the references section above for vendor advisories and patch information. Affected products include: Openapi-Generator Openapi Generator.