CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

2024-05-2716:11:22

CWE-22

GitHub_M

github.com

cve-2024-35219

openapi generator

api client libraries

server stubs

documentation

path traversal vulnerability

arbitrary file read

arbitrary file delete

outputfolder option

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

AI Score

6.6

Confidence

High

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. The issue was fixed in version 7.6.0 by removing the usage of the outputFolder option. No known workarounds are available.

CNA Affected

[
  {
    "vendor": "OpenAPITools",
    "product": "openapi-generator",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.6.0"
      }
    ]
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:openapitools:openapi-generator:*:*:*:*:*:*:*:*"
    ],
    "vendor": "openapitools",
    "product": "openapi-generator",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "7.6.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]