Home > Vulnerability Database > CVE-2024-35219

Mend.io Vulnerability Database

CVE-2024-35219

Good to know:

Date: May 27, 2024

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the "outputFolder" option. The issue was fixed in version 7.6.0 by removing the usage of the "outputFolder" option. No known workarounds are available.

Language: Java

Severity Score

8.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-35219

Url: https://github.com/OpenAPITools/openapi-generator/pull/18652

Url: https://github.com/OpenAPITools/openapi-generator

Url: https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d

Url: https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h

Url: https://www.mend.io/vulnerability-database/CVE-2024-35219

Severity Score

8.3

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

Upgrade Version

Upgrade to version org.openapitools:openapi-generator-online:7.6.0

Learn More

CVSS v3.1

Base Score:	8.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-35219

Good to know:

Date: May 27, 2024

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?