Описание
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.
Ссылки
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- ProductThird Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- ProductThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.5.3 (исключая)
cpe:2.3:a:openapi-python-client_project:openapi-python-client:*:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00757
Низкий
8 High
CVSS3
9 Critical
CVSS3
6 Medium
CVSS2
Дефекты
CWE-94
CWE-94
Связанные уязвимости
CVSS3: 8
github
больше 5 лет назад
openapi-python-client Arbitrary Code Generation vulnerability
EPSS
Процентиль: 73%
0.00757
Низкий
8 High
CVSS3
9 Critical
CVSS3
6 Medium
CVSS2
Дефекты
CWE-94
CWE-94