Lucene search
Veracode Vulnerability DatabaseVERACODE:26471HistoryAug 21, 2020 - 3:53 a.m.
Arbitrary Code Execution
2020-08-2103:53:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.002 Low
EPSS
Percentile
54.0%
openapi_python_client is vulnerable to arbitrary code execution. An attacker is able to execute arbitrary code on the client via a malicious OpenAPI document due to lack of sanitization and validation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openapi-python-client | eq | 0.3.0 | |
| openapi-python-client | le | 0.5.2 | |
| openapi-python-client | eq | 0.3.0 | |
| openapi-python-client | le | 0.5.2 |
References
github.com/advisories/GHSA-9x4c-63pf-525f
github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13
github.com/triaxtec/openapi-python-client/commit/f7a56aae32cba823a77a84a1f10400799b19c19a
github.com/triaxtec/openapi-python-client/security/advisories/GHSA-9x4c-63pf-525f
pypi.org/project/openapi-python-client/
Related
osv
osv
Arbitrary Code Generation
2020-08-20 14:38:24
PYSEC-2020-71
2020-08-14 17:15:00
CVE-2020-15142
2020-08-14 17:15:14
prion
prion
Design/Logic Flaw
2020-08-14 17:15:00
cvelist
cvelist
CVE-2020-15142 Arbitrary Code Generation
2020-08-14 16:20:13
nvd
nvd
CVE-2020-15142
2020-08-14 17:15:14
cve
cve
CVE-2020-15142
2020-08-14 17:15:14
github
github
Arbitrary Code Generation
2020-08-20 14:38:24