89 matches found

Vulnrichment
added 2024/05/27 4:11 p.m. · 15 views

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVSS 8.3 · AI score 6.6 · EPSS 0.40124
Exploits 0 · References 3

OSV
added 2024/05/27 4:11 p.m. · 13 views

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVSS 8.3 · AI score 7.9 · EPSS 0.40124
Exploits 0 · References 5

CVE
added 2024/05/27 4:11 p.m. · 131 views

CVE-2024-35219

OpenAPI Generator (OpenAPI Tools) before version 7.6.0 is vulnerable to path traversal via the outputFolder option, allowing an attacker to read and delete files in arbitrary writable directories. The known impacted range is

CVSS 8.3 · AI score 8.1 · EPSS 0.40124
In wild · Exploits 0 · References 3

Cvelist
added 2024/05/27 4:11 p.m. · 55 views

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVSS 8.3 · AI score 8.1 · EPSS 0.40124
Exploits 0 · References 3

CNNVD
added 2024/05/27 12:0 a.m. · 2 views

OpenAPI Tools OpenAPI Generator security vulnerability

OpenAPI Tools OpenAPI Generator is an OpenAPI generator. The product allows automatic generation of API client libraries (SDK generation), server stubs, documentation, configuration, etc. given the OpenAPI specification v2, v3. A security vulnerability exists in OpenAPI Tools OpenAPI Generator prio...

CVSS 8.3 · AI score 8.1 · EPSS 0.40124
Exploits 0 · References 5

Positive Technologies
added 2024/05/27 12:0 a.m. · 2 views

PT-2024-5292 · Unknown · Openapi Generator

Name of the Vulnerable Software and Affected Versions: OpenAPI Generator versions prior to 7.6.0 Description: The issue is related to incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to bypass security restrictions a...

CVSS 8.7 · AI score 7.1 · EPSS 0.40124
Exploits 0 · References 10

Veracode
added 2023/04/10 2:10 a.m. · 32 views

Server-side Request Forgery (SSRF)

openapi-generator is vulnerable to Server-side Request Forgery (SSRF). The vulnerability exists due to the improper validation in the /api/gen/clients/language path, allowing an attacker to access network resources and sensitive information via a crafted API request...

CVSS 9.1 · AI score 8.4 · EPSS 0.00274
Exploits 1 · References 5 · Affected Software 1

Snyk
added 2023/03/31 9:30 p.m. · 2 views

Server-side Request Forgery (SSRF)

Overview: org.openapitools:openapi-generator-online is a Spring Boot Server application which hosts a client/server generator API. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the API endpoints /api/gen/clients/language and /api/gen/servers/framework...

CVSS 9.1 · AI score 6.6 · EPSS 0.00274
Exploits 1 · References 2

Prion
added 2023/03/31 8:15 p.m. · 16 views

Server side request forgery (ssrf)

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

CVSS 6.4 · AI score 8.9 · EPSS 0.00274
Exploits 1 · References 4 · Affected Software 1

Vulnrichment
added 2023/03/31 12:0 a.m. · 4 views

CVE-2023-27162

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

AI score 9 · EPSS 0.00274
Exploits 1 · References 4

Cvelist
added 2023/03/31 12:0 a.m. · 7 views

CVE-2023-27162

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

AI score 9.2 · EPSS 0.00274
Exploits 1 · References 4

CNNVD
added 2023/03/31 12:0 a.m. · 1 views

openapi-generator code issue vulnerability

openapi-generator is a software application. It provides an open API interface. A security vulnerability exists in openapi-generator version v6.4.0 and earlier, which stems from the discovery of a vulnerability containing a server-side request forgery (SSRF) vulnerability via...

CVSS 9.1 · AI score 8.2 · EPSS 0.00274
Exploits 1 · References 5

CVE
added 2023/03/31 12:0 a.m. · 88 views

CVE-2023-27162

CVE-2023-27162 affects openapi-generator up to v6.4.0. Affected component: SSRF via /api/gen/clients/{language}, enabling an attacker to access network resources and sensitive information. CVSS v3.1 base score 9.1 (CRITICAL); attack vector network, low complexity, no privileges, no user interacti...

CVSS 9.1 · AI score 8.9 · EPSS 0.00274
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2023/03/31 12:0 a.m. · 2 views

PT-2023-20982 · Unknown · Openapi Generator

Name of the Vulnerable Software and Affected Versions: openapi-generator versions up to v6.4.0 Description: The issue is related to a Server-Side Request Forgery (SSRF) in the component "/api/gen/clients/language". This allows attackers to access network resources and sensitive information via a...

CVSS 9.1 · AI score 8.8 · EPSS 0.00274
Exploits 1 · References 10

OSV
added 2022/05/24 4:44 p.m. · 19 views

GHSA-27J5-2H6R-C9Q2 OpenAPI Tools OpenAPI Generator uses HTTP in various files

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

CVSS 7.4 · AI score 7.7 · EPSS 0.00189
Exploits 1 · References 5

vulnersOsv
added 2022/05/24 4:44 p.m. · 0 views

com.ethlo.lamebda:lamebda-core (>=0.4.0 <=0.5.3), com.ethlo.lamebda:lamebda-server (>=0.5.1 <=0.5.3) +33 more potentially affected by CVE-2019-11405 via org.openapitools:openapi-generator (>=3.0.0 <=4.0.0-beta3)

org.openapitools:openapi-generator MAVEN version =3.0.0, =0.4.0, =0.5.1, =0.4.0, =0.4.0, =0.4.0, =1.1.0, =1.2.0, =0.0.6, =1.1.0, =0.0.5, =1.4.0, =1.1.0, =1.1.0, =1.1.0, =1.3.0 and more Source cves: CVE-2019-11405 Source advisory: OSV:GHSA-27J5-2H6R-C9Q2...

CVSS 8.1 · AI score 7.1 · EPSS 0.00189
Exploits 1

Github Security Blog
added 2022/05/24 4:44 p.m. · 17 views

OpenAPI Tools OpenAPI Generator uses HTTP in various files

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

CVSS 8.1 · EPSS 0.00189
Exploits 1 · References 5 · Affected Software 1

Veracode
added 2021/05/11 7:28 a.m. · 17 views

Insecure Temporary File And Folder

openapi-generator-online uses insecure temporary file and folder. The usage of Files.createTempFile to create temporary files and folders allows auto-generated files to be read and modified by any user on the system...

CVSS 9.3 · AI score 2.7 · EPSS 0.0005
Exploits 1 · References 2 · Affected Software 1

OSV
added 2021/05/11 12:5 a.m. · 36 views

GHSA-CQXR-XF2W-943W Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code

Impact: This vulnerability impacts generated code. If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually! On Unix-Like systems, the system temporary directory is shared between all local users. When...

CVSS 6.2 · AI score 5.9 · EPSS 0.00068
Exploits 1 · References 6

vulnersOsv
added 2021/05/11 12:5 a.m. · 0 views

app.keyconnect.api:keyconnect-api (=1.0.0), app.keyconnect:keyconnect-rippled-api (=1.0.0) +127 more potentially affected by CVE-2021-21430 via org.openapitools:openapi-generator (>=3.0.0 <=5.0.1)

org.openapitools:openapi-generator MAVEN version =3.0.0, =4.1, =4.1, =0.1.0.0, =0.1.0.0, =0.1.0.0, =0.4.0, =0.1.0.0, =0.1.3, =1.1, =0.4.0, =0.5.1, =0.4.0, =0.4.0, =0.5.3 and more Source cves: CVE-2021-21430 Source advisory: OSV:GHSA-CQXR-XF2W-943W...

CVSS 6.2 · AI score 6.1 · EPSS 0.00068
Exploits 1