5 matches found
CVE-2021-21430
OpenAPI Generator contains a vulnerability where code generated for Java/Scala performs insecure temporary file creation via File.createTempFile, risking exposure of application/data when handling binary uploads/downloads. Affected generators include Java (jersey2, okhttp-gson default) and scala-...
CVE-2023-27162
CVE-2023-27162 affects openapi-generator up to v6.4.0. The issue is a server-side request forgery (SSRF) via the /api/gen/clients/{language} component, enabling an attacker to access network resources and sensitive information. CVSS v3.1 base score 9.1 (CRITICAL); attack vector network, low complexity, no privileges, no user interacti...
CVE-2021-21428
CVE-2021-21428 affects the OpenAPI Generator project. The issue originates in the openapi-generator-online component, where temporary folders/files were created using File.createTempFile, allowing other users on the same system to read and potentially modify the auto-generated files. Root cause d...
CVE-2021-21429
OpenAPI Generator (Maven plugin) was vulnerable due to using File.createTempFile in the JDK, which could cause insecure temporary files and potential disclosure of the OpenAPI spec contents to other local users. The affected artifact is the OpenAPI Generator Maven plugin; root cause is insecure h...
CVE-2019-11405
CVE-2019-11405 affects OpenAPI Tools OpenAPI Generator prior to 4.0.0-20190419.052012-560. The described vulnerability arises because the project uses http:// URLs in build.gradle, build.gradle.mustache, and build.sbt files, enabling insecurely resolved dependencies. This exposes potential Man-in...