CVE-2020-15141 – Path Traversal in openapi-python-client
https://notcve.org/view.php?id=CVE-2020-15141
In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.
References:
  https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13
  https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746
  https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-7wgr-7666-7pwj
  https://pypi.org/project/openapi-python-client
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-15142 – Arbitrary Code Generation
https://notcve.org/view.php?id=CVE-2020-15142
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.
References:
  https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13
  https://github.com/triaxtec/openapi-python-client/commit/f7a56aae32cba823a77a84a1f10400799b19c19a
  https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-9x4c-63pf-525f
  https://pypi.org/project/openapi-python-client
Weakness: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2020-11021 – HTTP requests that redirect to another hostname do not strip the Authorization header in Actions Http-Client
https://notcve.org/view.php?id=CVE-2020-11021
Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to an incorrect domain in certain redirect scenarios. This happens if consumers of the http-client:
  1. make an HTTP request with an Authorization header,
  2. that request leads to a redirect (302), and
  3. the redirect URL points to another domain or hostname.
Then the Authorization header will get passed to the other domain. The problem is fixed in version 1.0.8.
References:
  https://github.com/ossf-cve-benchmark/CVE-2020-11021
  https://github.com/actions/http-client/commit/f6aae3dda4f4c9dc0b49737b36007330f78fd53a
  https://github.com/actions/http-client/pull/27
  https://github.com/actions/http-client/security/advisories/GHSA-9w6v-m7wp-jwg4
Weakness: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-17590
https://notcve.org/view.php?id=CVE-2019-17590
The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass, as it allows one to tamper with the CSRF token values. A remote attacker can exploit this by crafting a malicious page and distributing it to a victim via social engineering, enticing them to click the link. Once the user/victim clicks the "try again" button, the attacker can take over the account and perform unintended actions on the victim's behalf. NOTE: A third-party maintainer has stated that this CVE is a false report. They state that the csrf_callback function is actually a callback function to the caller's own handler for output.
References:
  https://pastebin.com/01tDgq7u
Weakness: CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-15224
https://notcve.org/view.php?id=CVE-2019-15224
The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected.
References:
  https://github.com/rest-client/rest-client/issues/713
  https://rubygems.org/gems/rest-client/versions
Weakness: CWE-94: Improper Control of Generation of Code ('Code Injection')