MidnightBSD

Advisories for openapi-python-client_project

CVE-2020-15141 MEDIUM

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N 2.3 1.4
security-advisories@github.com 3.0 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N 1.3 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
openapi-python-client_project openapi-python-client *
CVE-2020-15142 MEDIUM

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0
security-advisories@github.com 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H 1.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
openapi-python-client_project openapi-python-client *