CVE-2020-15141 Information

Feb 14, 2021 cve

Description

In openapi-python-client before version 0.5.3 there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document it is possible for generated files to be placed in arbitrary locations on disk.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Reference

https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md053—2020-08-13 https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746 https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-7wgr-7666-7pwj https://pypi.org/project/openapi-python-client

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.1

Share on: