{"id":"PYSEC-2020-70","details":"In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.","aliases":["CVE-2020-15141","GHSA-7wgr-7666-7pwj"],"modified":"2023-11-08T04:02:30.943540Z","published":"2020-08-14T17:15:00Z","references":[{"type":"FIX","url":"https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746"},{"type":"WEB","url":"https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13"},{"type":"ADVISORY","url":"https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-7wgr-7666-7pwj"},{"type":"PACKAGE","url":"https://pypi.org/project/openapi-python-client"}],"affected":[{"package":{"name":"openapi-python-client","ecosystem":"PyPI","purl":"pkg:pypi/openapi-python-client"},"ranges":[{"type":"GIT","repo":"https://github.com/triaxtec/openapi-python-client","events":[{"introduced":"0"},{"fixed":"3e7dfae5d0b3685abf1ede1bc6c086a116ac4746"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.3"}]}],"versions":["0.1.0.dev0","0.1.0","0.1.1","0.1.2","0.2.0","0.2.1","0.3.0","0.4.0rc1","0.4.0","0.4.1","0.4.2","0.5.0","0.5.1","0.5.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/openapi-python-client/PYSEC-2020-70.yaml"}}],"schema_version":"1.7.3"}