{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T20:46:00.382","vulnerabilities":[{"cve":{"id":"CVE-2024-35219","sourceIdentifier":"security-advisories@github.com","published":"2024-05-27T16:15:09.027","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available."},{"lang":"es","value":"OpenAPI Generator permite la generación de librerías de cliente API (generación de SDK), códigos auxiliares de servidor, documentación y configuración automáticamente dada una especificación OpenAPI. Antes de la versión 7.6.0, los atacantes podían aprovechar una vulnerabilidad de path traversal para leer y eliminar archivos y carpetas de un directorio grabable arbitrario, ya que cualquiera podía configurar la carpeta de salida al enviar la solicitud a través de la opción `outputFolder`. El problema se solucionó en la versión 7.6.0 eliminando el uso de la opción `outputFolder`. No hay workarounds disponibles."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d","source":"security-advisories@github.com"},{"url":"https://github.com/OpenAPITools/openapi-generator/pull/18652","source":"security-advisories@github.com"},{"url":"https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h","source":"security-advisories@github.com"},{"url":"https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/OpenAPITools/openapi-generator/pull/18652","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}