CVE-2024-35219
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35219
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35219.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-35219
- Aliases
- Related
- Published
- 2024-05-27T16:15:09Z
- Modified
- 2025-01-15T05:16:47.764989Z
- Summary
- [none]
- Details
-
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the
outputFolderoption. The issue was fixed in version 7.6.0 by removing the usage of theoutputFolderoption. No known workarounds are available. - References
Affected packages
Git / github.com/openapitools/openapi-generator
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openapitools/openapi-generator
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
2.*
2.0.17
swagger-codegen_2.*
swagger-codegen_2.9.1-1.1
swagger-codegen_2.9.1-2.0.0
swagger-codegen_2.9.1-2.0.1
v2.*
v2.0.13
v2.0.18
v2.1.0-M1
v2.1.0-M2
v2.1.1-M1
v2.1.2
v2.1.2-M1
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.3.0
v2.3.1
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.1.0
v3.1.1
v3.1.2
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v4.*
v4.0.0
v4.0.0-beta2
v4.0.0-beta3
v4.0.1
v4.0.2
v4.0.3
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.3.0
v4.3.1
v5.*
v5.0.0
v5.0.0-beta
v5.0.0-beta2
v5.0.0-beta3
v5.0.1
v5.1.0
v5.1.1
v5.2.0
v5.2.1
v5.3.0
v5.3.1
v5.4.0
v6.*
v6.0.0
v6.0.0-beta
v6.0.1
v6.1.0
v6.2.0
v6.2.1
v6.3.0
v6.4.0
v6.5.0
v6.6.0
v7.*
v7.0.0
v7.0.0-beta
v7.0.1
v7.1.0
v7.2.0
v7.3.0
v7.4.0
v7.5.0