Chrimle

**Name of the Vulnerable Software and Affected Versions** openapi-to-java-records-mustache-templates versions 5.1.1 through 5.5.0 **Description** The `openapi-to-java-records-mustache-templates` project, specifically its parent POM file (`openapi-to-java-records-mustache-templates-parent`), uses the `maven-dependency-plugin` to unpack `.mustache` files from the `openapi-to-java-records-mustache-templates` artifact. This process occurs for versions starting from 5.1.1 and prior to 5.5.1. The parent POM file is published and could be misused. If the `openapi-to-java-records-mustache-templates` artifact were compromised and contained malicious `.mustache` files, these files would be automatically unpacked during a dependency update. The project's surrounding modules and configurations are not intended for production use and exist solely for testing and maintainability. **Recommendations** Do not use the parent POM file (`openapi-to-java-records-mustache-templates-parent`) for external use.