OpenAPITools / openapi-generator

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec (v2, v3)
https://openapi-generator.tech
Apache License 2.0
21.3k stars 6.44k forks

Please open a security advisory #8517

Open JLLeitschuh opened 3 years ago

JLLeitschuh commented 3 years ago

The openapi-generator and the swagger code generator both share the same common security vulnerability. Please open a security advisory so we can privately discuss the vulnerability.

https://github.com/OpenAPITools/openapi-generator/security/advisories

JLLeitschuh commented 3 years ago

Cross-posting as this is the same vulnerability. https://github.com/swagger-api/swagger-codegen/issues/10873

wing328 commented 3 years ago

@JLLeitschuh please email team@openapitools.org to discuss the vulnerability for the time being as stated in the project's README.

JLLeitschuh commented 3 years ago

I'd prefer to not, if possible. I'm finding email to be a PITA.

If you really need me to, I can, but I'd prefer if I didn't need to.

wing328 commented 3 years ago

Please email us the details to start with 🙇‍♂️

(the core team will discuss internally about using the security advisory provided by GitHub and who's going to monitor it, etc)

JLLeitschuh commented 3 years ago

Sent

wing328 commented 3 years ago

Thanks. We'll review and get back to you.