
Security: Upgrade jackson-core to 2.18.6+ to fix GHSA-72hv-8253-57qq (DoS) #23106

Description

@nsabale7

A security scan has identified a High-severity vulnerability in the jackson-core library bundled within the OpenAPI Generator JAR.

Vulnerability Details:

ID: GHSA-72hv-8253-57qq

Severity: High (7.5)

Package: com.fasterxml.jackson.core:jackson-core

Affected Version: 2.18.2

Fixed Version: 2.18.6

Location in Project:
In the latest CLI release, the vulnerable library is located at:
@openapitools/openapi-generator-cli/versions/7.20.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.properties

Steps to Reproduce:

Use @openapitools/openapi-generator-cli version 2.30.0 (which pulls generator 7.20.0).

Run a container security scan (e.g., Trivy, Grype, or Prisma Cloud) on the environment.

The scan flags the bundled jackson-core-2.18.2.jar inside the generator JAR.

Suggested Fix:
Update the pom.xml in the OpenAPI Generator root to use jackson-core version 2.18.6 or higher.
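A check for the condition reported above, added here as an example that is not part of the issue or of the OpenAPI Generator project: it opens a generator JAR, reads the jackson-core pom.properties at the path named in the report, and flags any bundled version below the fixed 2.18.6. It compares version components numerically rather than as strings, so a future 2.18.10 is not mistaken for an old release. The in-memory JAR and its pom.properties contents are constructed for the demo; pass the bytes of the real 7.20.0 JAR to check an actual installation.

```python
import io
import re
import zipfile

# Descriptor path of the bundled library, as given in the issue report.
JACKSON_CORE_POM = "META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.properties"
FIXED_VERSION = "2.18.6"


def parse_version(version):
    """Turn '2.18.2' into (2, 18, 2) so versions compare numerically, not as strings."""
    nums = re.match(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?", version)
    if nums is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(n) if n is not None else 0 for n in nums.groups())


def bundled_jackson_core_version(jar_bytes):
    """Return the jackson-core version declared inside the JAR, or None if it is not bundled."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        if JACKSON_CORE_POM not in jar.namelist():
            return None
        props = jar.read(JACKSON_CORE_POM).decode("utf-8")
    for line in props.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "version":
            return value.strip()
    return None


def is_vulnerable(jar_bytes, fixed=FIXED_VERSION):
    """True if the JAR bundles a jackson-core older than the fixed version."""
    found = bundled_jackson_core_version(jar_bytes)
    if found is None:
        return False
    return parse_version(found) < parse_version(fixed)


def make_sample_jar(version):
    """Constructed sample (not a real generator JAR): a zip holding only the pom.properties entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(JACKSON_CORE_POM,
                     f"#Generated by Maven\nversion={version}\n"
                     "groupId=com.fasterxml.jackson.core\nartifactId=jackson-core\n")
    return buf.getvalue()


if __name__ == "__main__":
    for v in ("2.18.2", "2.18.6", "2.19.0"):
        print(v, "vulnerable" if is_vulnerable(make_sample_jar(v)) else "ok")
```

For a real scan, read the JAR from disk (for example with `open(path, "rb").read()`) and pass the bytes to `is_vulnerable`.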
