[JAVA] Open Source Vulnerability in slf4j-ext version 1.​7.​12 used in swagger-codegen 2.2.3.

[MariaClemence]

Hi,

We are using io.swagger swagger-codegen 2.2.3 in our project.

There is Open Source Vulnerability reported in slf4j-ext version 1.​7.​12 used in module io.swagger swagger-codegen 2.2.3.

Details on Issue : https://www.cvedetails.com/cve/CVE-2018-8088/?q=CVE-2018-8088

Request you to update if fix will be provided for this issue.

Thanks and Regards,
Vanessa

[HugoMario]

thanks for letting us know @MariaClemence, will check this

[pperez]

I've scanned swagger-codegen-cli:3.0.18 and is showing this vuln too ...

• CVE-2018-8088 (https://access.redhat.com/security/cve/cve-2018-8088)
• SONATYPE-2019-0394 (Maps to CVE-2019-19919 https://nvd.nist.gov/vuln/detail/CVE-2019-19919)
• SONATYPE-2018-0590 (A potential XXE vulnerability found on rhino mozilla/rhino#479)
• CVE-2014-0114 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114)
• CVE-2017-18640 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18640)
• SONATYPE-2017-0359 (https://issues.apache.org/jira/browse/HTTPCLIENT-1803)
• CVE-2019-8331 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8331)
• SONATYPE-2012-0009 (https://www.npmjs.com/advisories/329)
• SONATYPE-2014-0026 (jQuery.parseHTML: Mitigate XSS vulnerability jquery/jquery#1505)
• SONATYPE-2016-0107 (Inadequate/dangerous jQuery behavior for 3rd party text/javascript responses  jquery/jquery#2432)
• CVE-2018-10237 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10237)
• SONATYPE-2012-0050 (https://issues.apache.org/jira/browse/CODEC-134)
• SONATYPE-2016-0129 (XSS in data-target attribute twbs/bootstrap#20184)
• SONATYPE-2017-0492 (https://github.com/javaee/javamail/issues/127)