635 matches found
PYSEC-2020-71
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...
PYSEC-2020-70
In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...
Design/Logic Flaw
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...
PYSEC-2020-70
In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...
CVE-2020-15141 Path Traversal in openapi-python-client
In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...
CVE-2020-15141
OpenAPI Python Client vulnerability CVE-2020-15141 affects openapi-python-client before version 0.5.3. A maliciously crafted OpenAPI document can trigger path traversal, allowing generated client files to be written to arbitrary locations on disk. The issue is tied to the code path that generates...
CVE-2020-15142 Arbitrary Code Generation
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...
CVE-2020-15142
Vulnerability affects openapi-python-client: clients generated with a malicious OpenAPI Document prior to version 0.5.3 can execute arbitrary Python code after generation. Root cause is lack of proper sanitization/validation during client code generation, enabling arbitrary code execution on subs...
GitLab: Stored XSS in blob viewer
Summary I found a Stored-XSS in blob viewer when viewing a json file. In particular, when viewing an openapi file, openapiviewer is called to transfer the file's data to SwaggerUIBundle to render. SwaggerUIBundle does its job when rending graphical representation of the openapi's content. It also...
Man-in-the-Middle (MitM)
openapi-generator is vulnerable to man-in-the-middle attacks. Resolved dependencies in build.gradle, build.gradle.mustache and build.sbt are performed over an unencrypted HTTP channel, which would allow a remote attacker to intercept and modify network traffic during the installation of...
CVE-2019-11405
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...
CVE-2019-11405
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...
Design/Logic Flaw
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...
CVE-2019-11405
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...
CVE-2019-11405
CVE-2019-11405 affects OpenAPI Tools OpenAPI Generator prior to 4.0.0-20190419.052012-560. The described vulnerability arises because the project uses http:// URLs in build.gradle, build.gradle.mustache, and build.sbt files, enabling insecurely resolved dependencies. This exposes potential Man-in...
GHSA-Q7PF-QR96-2VQ5 Deserialization of Untrusted Data in swagger-parser
A vulnerability in Swagger-Parser's version = 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen = 2.2.2 and can lead to...
XML External Entity (XXE)
vertx-web-api-contract is vulnerable to XML external entity XXE attacks. The OpenAPI XMLTypeValidator function allows access to external Document Type Definition DTD and schemas, which would allow a remote attacker to perform XXE attacks by passing a malicious XML file...
GHSA-QH3M-QW6V-QVHG Moderate severity vulnerability that affects io.vertx:vertx-core
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...
Moderate severity vulnerability that affects io.vertx:vertx-core
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...
CVE-2018-12544
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...