CVE-2020-15141

2020-08-1417:15:13

Google

osv.dev

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.7%

JSON

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.

CPENameOperatorVersion
openapi-python-clienteq.0.5.1
openapi-python-clienteq.0.2.1
openapi-python-clienteq.0.5.0
openapi-python-clienteq.0.5.2
openapi-python-clienteq.0.4.0
openapi-python-clienteq.0.3.0
openapi-python-clienteq0.1.0
openapi-python-clienteq.0.4.2
openapi-python-clienteq.0.1.2
openapi-python-clienteq.0.4.1

Name	Operator	Version
openapi-python-client	eq	.0.5.1
openapi-python-client	eq	.0.2.1
openapi-python-client	eq	.0.5.0
openapi-python-client	eq	.0.5.2
openapi-python-client	eq	.0.4.0
openapi-python-client	eq	.0.3.0
openapi-python-client	eq	0.1.0
openapi-python-client	eq	.0.4.2
openapi-python-client	eq	.0.1.2
openapi-python-client	eq	.0.4.1