Base Score

CRITICAL9

CVE-2020-15142

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.

VectorNETWORK

Published Bysecurity-advisories@github.com

Published DateAug 14, 2020, 17:15

Affected Versions(1)

openapi-python-client(PyPI)

Introduced0

Fixed0.5.3

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
openapi-python-client(PyPI)	0	0.5.3	N/A

Weakness Type (CWE):CWE-94

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

CRITICAL9

Weakness Type (CWE):CWE-94

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH