635 matches found

RedhatCVE
added 2024/05/27 10:29 p.m.

CVE-2024-35219

A flaw was found in OpenAPI Generator, a tool that generates API client libraries (SDKs), server stubs, documentation, and configuration automatically from an OpenAPI Spec. This flaw allows an attacker to cause a path traversal vulnerability to read and delete...

CVSS 8.3 | AI score 7.8 | EPSS 0.40124
Exploits: 0 | References: 3
NVD
added 2024/05/27 4:15 p.m.

CVE-2024-35219

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVSS 8.3 | AI score 8.1 | EPSS 0.40124
Exploits: 0 | References: 3
Vulnrichment
added 2024/05/27 4:11 p.m.

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVSS 8.3 | AI score 6.6 | EPSS 0.40124
Exploits: 0 | References: 3
OSV
added 2024/05/27 4:11 p.m.

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVSS 8.3 | AI score 7.9 | EPSS 0.40124
Exploits: 0 | References: 5
CVE
added 2024/05/27 4:11 p.m.

CVE-2024-35219

OpenAPI Generator (OpenAPI Tools) before version 7.6.0 is vulnerable to path traversal via the outputFolder option, allowing an attacker to read and delete files in arbitrary writable directories. The known impacted range is

CVSS 8.3 | AI score 8.1 | EPSS 0.40124
In wild | Exploits: 0 | References: 3
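The entry above describes the bug class (a caller-controlled output folder that is joined to a base path and then read from or wiped) without showing what the missing check looks like. The following is an added example in Python, not OpenAPI Generator's own code (the project is written in Java, and its real `outputFolder` handling is not reproduced here). It puts a naive join next to a confined resolution that rejects any folder escaping the allowed base, and runs both against a constructed temporary directory tree. The directory names and the sample inputs are constructed for illustration.

```python
"""Added example: confining a caller-supplied output folder to an allowed base.

Not OpenAPI Generator's code. Function names, paths and sample inputs are
illustrative assumptions made for this example.
"""
import os
import shutil
import tempfile

# Constructed sample inputs. The second mirrors the CVE description: a folder
# name that climbs out of the intended output area.
SAFE_REQUEST = "generated/client-sdk"
TRAVERSAL_REQUEST = "../../../../tmp/victim-data"


def naive_output_folder(base_dir: str, requested: str) -> str:
    """Vulnerable pattern: trusts the supplied folder name and joins it as-is."""
    return os.path.join(base_dir, requested)


def confined_output_folder(base_dir: str, requested: str) -> str:
    """Hardened pattern: resolve '..' and symlinks, then require the result to
    stay under base_dir. commonpath (not startswith) avoids the classic
    '/work' vs '/workspace' prefix mistake and also rejects absolute paths."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"outputFolder {requested!r} escapes {base}")
    return candidate


def escapes_base(base_dir: str, requested: str) -> bool:
    """True if the hardened check would refuse this folder name."""
    try:
        confined_output_folder(base_dir, requested)
        return False
    except ValueError:
        return True


def clean_output_folder(base_dir: str, requested: str) -> str:
    """What a 'wipe and regenerate' step should do: delete only inside the
    confined path, never inside whatever the raw join happened to point at."""
    target = confined_output_folder(base_dir, requested)
    if os.path.isdir(target):
        shutil.rmtree(target)
    os.makedirs(target)
    return target


def demo() -> dict:
    """Run both patterns against a throwaway tree: <root>/work/out is the
    allowed base, <root>/victim is a decoy directory outside it."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "work", "out")
    decoy = os.path.join(root, "victim")
    os.makedirs(base)
    os.makedirs(decoy)
    with open(os.path.join(decoy, "secret.txt"), "w") as fh:
        fh.write("keep me")

    # The naive join lands exactly on the decoy directory...
    naive = naive_output_folder(base, "../../victim")
    results = {
        "naive_resolves_outside": os.path.realpath(naive) == os.path.realpath(decoy),
        # ...while the confined version refuses it and still accepts a normal name.
        "confined_rejects": escapes_base(base, "../../victim"),
        "confined_accepts": not escapes_base(base, "client-sdk"),
    }
    clean_output_folder(base, "client-sdk")
    results["decoy_intact"] = os.path.exists(os.path.join(decoy, "secret.txt"))
    shutil.rmtree(root)
    return results


if __name__ == "__main__":
    print(demo())
```

The check must run before any filesystem operation, including the read/list step that precedes the delete; validating only at delete time still leaves the arbitrary read described in the advisory.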
Cvelist
added 2024/05/27 4:11 p.m.

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVSS 8.3 | AI score 8.1 | EPSS 0.40124
Exploits: 0 | References: 3
CNNVD
added 2024/05/27 12:00 a.m.

OpenAPI Tools OpenAPI Generator security vulnerability

OpenAPI Tools OpenAPI Generator is an OpenAPI code generator. The product automatically generates API client libraries (SDK generation), server stubs, documentation, configuration, etc. from an OpenAPI specification (v2, v3). A security vulnerability exists in OpenAPI Tools OpenAPI Generator prio...

CVSS 8.3 | AI score 8.1 | EPSS 0.40124
Exploits: 0 | References: 5
Positive Technologies
added 2024/05/27 12:00 a.m.

PT-2024-5292 · Unknown · Openapi Generator

Name of the Vulnerable Software and Affected Versions: OpenAPI Generator versions prior to 7.6.0
Description: The issue is related to incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to bypass security restrictions a...

CVSS 8.7 | AI score 7.1 | EPSS 0.40124
Exploits: 0 | References: 10
OpenVAS
added 2024/05/27 12:00 a.m.

Fedora: Security Advisory (FEDORA-2024-000a25f3fc)

The remote host is missing an update for the Fedora security advisory FEDORA-2024-000a25f3fc...

CVSS 6.1 | AI score 6.6 | EPSS 0.00709
Exploits: 0 | References: 6
Fedora
added 2024/05/02 1:58 a.m.

[SECURITY] Fedora 40 Update: python-openapi-core-0.19.1-3.fc40

Openapi-core is a Python library that adds client-side and server-side support for the OpenAPI v3.0 and OpenAPI v3.1 specification...

CVSS 6.1 | AI score 7.3 | EPSS 0.00709
Exploits: 0
Tenable Nessus
added 2024/05/01 12:00 a.m.

Fedora 40 : python-aiohttp / python-openapi-core (2024-000a25f3fc)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-000a25f3fc advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...

CVSS 6.1 | AI score 7.3 | EPSS 0.00709
Exploits: 0 | References: 2
CVE
added 2024/04/10 3:50 p.m.

CVE-2023-6916

CVE-2023-6916 affects Nozomi Guardian/CMC before version 23.4.1. The issue is that audit records for OpenAPI requests may contain sensitive information, creating a path to unauthorized access and privilege escalation. The connected documents explicitly associate this vulnerability with Guardian/C...

CVSS 7.5 | AI score 6.7 | EPSS 0.0014
Exploits: 0 | References: 1
Vulnrichment
added 2024/04/10 3:50 p.m.

CVE-2023-6916 Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1

Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation...

CVSS 7.5 | AI score 6.9 | EPSS 0.0014
Exploits: 0 | References: 1
NOZOMI
added 2024/04/10 12:00 a.m.

Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1

Summary: Audit records for OpenAPI requests may include sensitive information.
Impact: Unauthorized access, privilege escalation.
Mitigation: Nozomi Networks recommends creating specific users for OpenAPI usage, with only the necessary permissions to access the required data sources. Additionally, i...

CVSS 7.5 | AI score 6.8 | EPSS 0.0014
Exploits: 0 | Affected Software: 2
vulnersOsv
added 2024/03/18 8:26 p.m.

aimapper (=0.1.0), aimfast (>=0.1.0 <=1.3.3) +237 more potentially affected by CVE-2023-41334 via astropy (>=1.2.1 <=5.3.2)

astropy PYPI version =1.2.1, =0.1.0, =0.2.0, =0.2.2, =0.7.1, =2.5.0, =0.0.3, =0.0.1, =1.0.1, =0.3.0, =0.0.2, =1.0.0, =1.4.0 and more Source cves: CVE-2023-41334 Source advisory: OSV:GHSA-H2X6-5JX5-46HF...

CVSS 8.4 | AI score 7.2 | EPSS 0.02875
Exploits: 1
Fedora
added 2024/03/14 1:39 a.m.

[SECURITY] Fedora 38 Update: python-fastapi-0.99.0-7.fc38

FastAPI is a modern, fast (high-performance) web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python...

AI score 7.4
Exploits: 0
Fedora
added 2024/03/14 1:08 a.m.

[SECURITY] Fedora 39 Update: python-fastapi-0.103.0-10.fc39

FastAPI is a modern, fast (high-performance) web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python...

AI score 7.4
Exploits: 0
OSV
added 2024/03/06 11:13 a.m.

BIT-GITLAB-2022-3726

Lack of sandboxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user into clicking on the Swagger OpenAPI viewer and issuing HTTP requests that affect the victim's account...

CVSS 9.0 | AI score 8.7 | EPSS 0.00247
Exploits: 0 | References: 4
Tenable Nessus
added 2024/02/02 12:00 a.m.

Google Extensible Service Proxy 2.20.0 < 2.43.0 Authentication Bypass

Google Extensible Service Proxy (ESP) is a scalable proxy provided by the Google Cloud Platform (GCP) used to provide API management features based on an OpenAPI or gRPC API backend. ESP versions starting 2.20.0 and before 2.43.0 suffer from an authentication bypass vulnerability. By crafting a...

CVSS 9.8 | AI score 7.7 | EPSS 0.00178
Exploits: 0 | References: 3
Github Security Blog
added 2024/01/21 6:30 p.m.

Unsafe yaml deserialization in llama-hub

The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used when parsing YAML...

CVSS 9.8 | AI score 7.9 | EPSS 0.00243
Exploits: 0 | References: 6 | Affected Software: 1
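The llama-hub entry names the root cause (YAML parsed without `safe_load`) but not what that buys an attacker. The following is an added example, not llama-hub's code: it loads a constructed plugin manifest once with PyYAML's full `yaml.Loader` and once with `yaml.safe_load`, so the difference is visible on a concrete document. The manifest contents, the `!!python/object/apply` payload (which calls `os.getcwd` as a harmless stand-in for `os.system` or `subprocess.Popen`) and the function names are constructed for this example; it assumes PyYAML is installed.

```python
"""Added example: why a YAML plugin manifest must be parsed with safe_load.

Not llama-hub's code. Manifests, payload and function names are constructed
for illustration; assumes the PyYAML package is importable as `yaml`.
"""
import os
import yaml

# Constructed benign manifest in the shape of a ChatGPT-plugin / OpenAPI manifest.
BENIGN_MANIFEST = """
schema_version: v1
name_for_human: Example Plugin
api:
  type: openapi
  url: https://example.invalid/openapi.yaml
"""

# Constructed malicious manifest. The python/object/apply tag tells the full
# loader to import a module and call a function with the given arguments.
# os.getcwd with no arguments is used here so the demonstration is harmless.
MALICIOUS_MANIFEST = "!!python/object/apply:os.getcwd []\n"


def load_manifest_unsafe(text: str):
    """Vulnerable pattern: yaml.Loader honours Python-specific tags and will
    construct arbitrary objects, i.e. call arbitrary callables, from input."""
    return yaml.load(text, Loader=yaml.Loader)


def load_manifest_safe(text: str) -> dict:
    """Hardened pattern: safe_load builds only plain scalars, lists and dicts;
    any unknown tag raises ConstructorError instead of being executed. The
    type check rejects a document that is not a mapping at all."""
    data = yaml.safe_load(text)
    if not isinstance(data, dict):
        raise ValueError("manifest must be a YAML mapping")
    return data


def safe_load_rejects(text: str) -> bool:
    """True if the hardened loader refuses the document."""
    try:
        load_manifest_safe(text)
        return False
    except (yaml.YAMLError, ValueError):
        return True


# Captured once so a caller can confirm the unsafe loader really ran os.getcwd().
EXPECTED_CWD = os.getcwd()


if __name__ == "__main__":
    print("unsafe loader returned:", load_manifest_unsafe(MALICIOUS_MANIFEST))
    print("safe loader rejects payload:", safe_load_rejects(MALICIOUS_MANIFEST))
    print("safe loader parses benign manifest:", load_manifest_safe(BENIGN_MANIFEST)["api"])
```

Note that `yaml.FullLoader` (PyYAML 5.4 and later) also blocks `python/object/apply`, but `yaml.Loader` and `yaml.UnsafeLoader` do not; for untrusted manifests fetched over the network, `safe_load` is the only loader worth using.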