CVE-2020-15141

Опубликовано: 14 авг. 2020

Источник: nvd

CVSS3: 3

CVSS3: 4.1

CVSS2: 4

EPSS Низкий

Описание

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.

Ссылки

https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13
Release Notes
Third Party Advisory
https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746
Patch
Third Party Advisory
https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-7wgr-7666-7pwj
Third Party Advisory
https://pypi.org/project/openapi-python-client
Product
Third Party Advisory
https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13
Release Notes
Third Party Advisory
https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746
Patch
Third Party Advisory
https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-7wgr-7666-7pwj
Third Party Advisory
https://pypi.org/project/openapi-python-client
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openapi-python-client_project:openapi-python-client:*:*:*:*:*:*:*:*

Версия до 0.5.3 (исключая)

EPSS

Процентиль: 58%

0.00362

Низкий

3 Low

CVSS3

4.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-7wgr-7666-7pwj

CVSS3: 3

github

больше 5 лет назад

Path Traversal in openapi-python-client

EPSS

Процентиль: 58%

0.00362

Низкий

3 Low

CVSS3

4.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22