Lucene search

GitHub_MCVELIST:CVE-2024-35219

HistoryMay 27, 2024 - 4:11 p.m.

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

2024-05-2716:11:22

CWE-22

GitHub_M

www.cve.org

openapi generator

online

file read

file delete

arbitrary

path traversal

vulnerability

openapi spec

version 7.6.0

output folder

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. The issue was fixed in version 7.6.0 by removing the usage of the outputFolder option. No known workarounds are available.

CNA Affected

[
  {
    "vendor": "OpenAPITools",
    "product": "openapi-generator",
    "versions": [
      {
        "version": "< 7.6.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d

github.com/OpenAPITools/openapi-generator/pull/18652

github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

Related for CVELIST:CVE-2024-35219