In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.
References
Link | Resource |
---|---|
https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13 | Release Notes Third Party Advisory |
https://github.com/triaxtec/openapi-python-client/commit/f7a56aae32cba823a77a84a1f10400799b19c19a | Patch Third Party Advisory |
https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-9x4c-63pf-525f | Third Party Advisory |
https://pypi.org/project/openapi-python-client/ | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-08-14T16:20:13
Updated: 2020-08-14T16:20:13
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15142
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-14T17:15:14.157
Modified: 2020-08-20T18:11:03.167
Link: CVE-2020-15142
JSON object: View
Redhat Information
No data.
CWE