CVE-2020-15141
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | openapi-python-client | <0.5.3 | 0.5.3 |
| PyPI | openapi-python-client | <3e7dfae5d0b3685abf1ede1bc6c086a116ac4746||<0.5.3 | 3e7dfae5d0b3685abf1ede1bc6c086a116ac4746 |
References
- https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-7wgr-7666-7pwj
- https://nvd.nist.gov/vuln/detail/CVE-2020-15141
- https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746
- https://github.com/openapi-generators/openapi-python-client
- https://github.com/pypa/advisory-database/tree/main/vulns/openapi-python-client/PYSEC-2020-70.yaml
- https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13
- https://pypi.org/project/openapi-python-client
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.