PT-2021-14500 · Unknown · Openapi-Generator-Online

Name of the Vulnerable Software and Affected Versions: openapi-generator-online versions prior to 5.1.0 Description: The openapi-generator-online tool creates insecure temporary folders during the code generation process, allowing any user on the system to read and append to the auto-generated...

Openapi generator 安全漏洞

openapi-generator is a software application. It provides an open API interface. A security vulnerability exists in Openapi generator. The vulnerability arises when the program creates insecure temporary directories that can be read and appended by any user on the system...

PT-2021-14502 · Unknown · Openapi Generator

Name of the Vulnerable Software and Affected Versions: OpenAPI Generator versions prior to 5.1.0 Description: The issue arises from the use of the JDK method File.createTempFile, which creates insecure temporary files that can leave application and system data vulnerable to attacks. Auto-generate...

OpenAPI Tools OpenAPI Generator 安全漏洞

OpenAPI Tools OpenAPI Generator is an OpenAPI generator. The product allows automatic generation of API client libraries SDK generation, server stubs, documentation, configuration, etc. for a given OpenAPI specification v2, v3. A security vulnerability exists in Openapi generator. The vulnerabili...

@aikosia/automaton (>=0.6.0 <=0.8.1), @aikosia/automaton-cli (>=0.2.1 <=0.3.5) +27 more potentially affected by CVE-2020-7718 via gammautils (>=0.0.2 <=0.0.81)

gammautils NPM version =0.0.2, =0.6.0, =0.2.1, =0.9.0, =0.1.5, =1.0.49, =9.0.0, =0.1.44, =0.1.22, =0.1.20, =1.0.1, =0.0.9, =0.0.7, =0.0.8 and more Source cves: CVE-2020-7718 Source advisory: OSV:GHSA-PGMG-GF5P-54J8...

CVE-2021-21429

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...

app.keyconnect.api:keyconnect-api (=1.0.0), app.keyconnect:keyconnect-rippled-api (=1.0.0) +7 more potentially affected by CVE-2021-21429 via org.openapitools:openapi-generator-maven-plugin (>=3.0.2 <=5.0.0)

org.openapitools:openapi-generator-maven-plugin MAVEN version =3.0.2, =4.1, =4.1, =1.1, =1.0.0, =3.0, =0.1.4, =0.1.8 Source cves: CVE-2021-21429 Source advisory: OSV:GHSA-867Q-77CC-98MV...

Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin

Impact Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. This vulnerability only impacts unix-like systems where the local system temporary directory is shared between all users. This...

GHSA-867Q-77CC-98MV Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin

Impact Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. This vulnerability only impacts unix-like systems where the local system temporary directory is shared between all users. This...

Insecure Temporary File

org.openapitools, openapi-generator-maven-plugin uses insecure temporary file. The vulnerability exists due to the usage of the function File.createTempFile which allows an attacker can predict the name of the temporary file and potentially gain access to confidential information...

CVE-2021-21429

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...

CVE-2021-21429

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...

Design/Logic Flaw

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...

CVE-2021-21429

OpenAPI Generator (Maven plugin) was vulnerable due to using File.createTempFile in the JDK, which could cause insecure temporary files and potential disclosure of the OpenAPI spec contents to other local users. The affected artifact is the OpenAPI Generator Maven plugin; root cause is insecure h...

CVE-2021-21429 Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...

OpenAPI Generator 安全漏洞

OpenAPI Tools OpenAPI Generator is an OpenAPI generator. The product allows automatic generation of API client libraries SDK generation, server stubs, documentation, configuration, etc. given the OpenAPI specification v2, v3. A security vulnerability exists in OpenAPI Generator v5.1.0, which stem...

Sifchain: Exposed Openapi Token

Summary While looking for secrets, I noticed that Developers had removed a swagger spec draft. The URL had a committed token in the history of multiple project files: ui/core/src/api/transactionsService.ts ui/core/src/api/tendermintService.ts ui/core/src/api/stakingService.ts...

CVE-2021-21364

swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary...

RESTler - The First Stateful REST API Fuzzing Tool For Automatically Testing Cloud Services Through Their REST APIs And Finding Security And Reliability Bugs In These Services

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service with an OpenAPI/Swagger specification, RESTler analyzes its entire specification, and then...

ato.de.com Cross Site Scripting vulnerability OBB-1459121

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...