Base Score

MEDIUM4.1

CVE-2020-15141

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.

VectorNETWORK

Published Bysecurity-advisories@github.com

Published DateAug 14, 2020, 17:15

Affected Versions(1)

openapi-python-client(PyPI)

Introduced0

Fixed0.5.3

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
openapi-python-client(PyPI)	0	0.5.3	N/A

Weakness Type (CWE):CWE-22

CVSS Metrics

Base Score

4.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE

References

Base Score

MEDIUM4.1

Weakness Type (CWE):CWE-22

CVSS Metrics

Base Score

4.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE