CVE-2024-35219
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Summary
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. The issue was fixed in version 7.6.0 by removing the usage of the outputFolder option. No known workarounds are available.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenAPITools | openapi-generator | < 7.6.0 | affected |
Weaknesses
- CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h
- https://github.com/OpenAPITools/openapi-generator/pull/18652
- https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d
References
- https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h
- https://github.com/OpenAPITools/openapi-generator/pull/18652
- https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.