CVE-2024-35219

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-35219
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available.

8.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d
https://github.com/OpenAPITools/openapi-generator/pull/18652
https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h
Configurations

No configuration.

History

28 May 2024, 12:39

Type Values Removed Values Added
Summary
  • (es) OpenAPI Generator permite la generación de librerías de cliente API (generación de SDK), códigos auxiliares de servidor, documentación y configuración automáticamente dada una especificación OpenAPI. Antes de la versión 7.6.0, los atacantes podían aprovechar una vulnerabilidad de path traversal para leer y eliminar archivos y carpetas de un directorio grabable arbitrario, ya que cualquiera podía configurar la carpeta de salida al enviar la solicitud a través de la opción `outputFolder`. El problema se solucionó en la versión 7.6.0 eliminando el uso de la opción `outputFolder`. No hay workarounds disponibles.

27 May 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-27 16:15

Updated : 2024-05-28 12:39

NVD link : CVE-2024-35219

Mitre link : CVE-2024-35219

CVE.ORG link : CVE-2024-35219

JSON object : View

Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')