GHSA-9X4C-63PF-525F openapi-python-client Arbitrary Code Generation vulnerability

Impact Clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution. Giving this a CVSS of 8.0 high with CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C . Patches Fix will be...

GHSA-7WGR-7666-7PWJ Path Traversal in openapi-python-client

Impact Path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk. Giving this a CVSS score of 3.0 Low with CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N/E:P/RL:U/RC:C Patch...

Path Traversal in openapi-python-client

Impact Path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk. Giving this a CVSS score of 3.0 Low with CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N/E:P/RL:U/RC:C Patch...

Directory Traversal

openapi-python-client is vulnerable to directory traversal. An attacker is able to write files on arbitrary locations on disk by generating a client with a malicious OpenAPI document...

CVE-2020-15142

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...

CVE-2020-15142

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...

CVE-2020-15141

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...

CVE-2020-15141

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...

PYSEC-2020-71

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...

Path traversal

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...

PYSEC-2020-70

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...

Design/Logic Flaw

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...

PYSEC-2020-70

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...

CVE-2020-15141 Path Traversal in openapi-python-client

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...

CVE-2020-15141

OpenAPI Python Client vulnerability CVE-2020-15141 affects openapi-python-client before version 0.5.3. A maliciously crafted OpenAPI document can trigger path traversal, allowing generated client files to be written to arbitrary locations on disk. The issue is tied to the code path that generates...

CVE-2020-15142 Arbitrary Code Generation

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...

CVE-2020-15142

Vulnerability affects openapi-python-client: clients generated with a malicious OpenAPI Document prior to version 0.5.3 can execute arbitrary Python code after generation. Root cause is lack of proper sanitization/validation during client code generation, enabling arbitrary code execution on subs...

GitLab: Stored XSS in blob viewer

Summary I found a Stored-XSS in blob viewer when viewing a json file. In particular, when viewing an openapi file, openapiviewer is called to transfer the file's data to SwaggerUIBundle to render. SwaggerUIBundle does its job when rending graphical representation of the openapi's content. It also...

Man-in-the-Middle (MitM)

openapi-generator is vulnerable to man-in-the-middle attacks. Resolved dependencies in build.gradle, build.gradle.mustache and build.sbt are performed over an unencrypted HTTP channel, which would allow a remote attacker to intercept and modify network traffic during the installation of...

CVE-2019-11405

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...