admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-151xx/CVE-2020-15141.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

149 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-15141",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-08-14T17:15:13.877",
"lastModified": "2020-08-20T18:02:53.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk."
},
{
"lang": "es",
"value": "En openapi-python-client versiones anteriores a 0.5.3, se presenta una vulnerabilidad de salto de ruta. Si un usuario gener\u00f3 un cliente usando un documento OpenAPI dise\u00f1ado maliciosamente, es posible que los archivos generados sean colocados en ubicaciones arbitrarias sobre el disco."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.0,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openapi-python-client_project:openapi-python-client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.5.3",
"matchCriteriaId": "E4C899BC-6C5B-4172-8F24-61AB8DAFFB00"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13",
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-7wgr-7666-7pwj",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://pypi.org/project/openapi-python-client",
"source": "security-advisories@github.com",
"tags": [
"Product",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink