Description
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
References
- Product
- Third Party Advisory
- Product
- Exploit, Third Party Advisory
- Product
- Third Party Advisory
- Product
- Exploit, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 6.4.0 (inclusive)
cpe:2.3:a:openapi-generator:openapi_generator:*:*:*:*:*:*:*:*
EPSS: 0.00131 (percentile: 33%, Low)
CVSS3: 9.1 Critical
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 9.1
github
almost 3 years ago
OpenAPI Generator vulnerable to Server-Side Request Forgery