{"id":"PYSEC-2020-71","details":"In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.","aliases":["CVE-2020-15142","GHSA-9x4c-63pf-525f"],"modified":"2023-11-08T04:02:31.004919Z","published":"2020-08-14T17:15:00Z","references":[{"type":"WEB","url":"https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13"},{"type":"PACKAGE","url":"https://pypi.org/project/openapi-python-client/"},{"type":"FIX","url":"https://github.com/triaxtec/openapi-python-client/commit/f7a56aae32cba823a77a84a1f10400799b19c19a"},{"type":"ADVISORY","url":"https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-9x4c-63pf-525f"}],"affected":[{"package":{"name":"openapi-python-client","ecosystem":"PyPI","purl":"pkg:pypi/openapi-python-client"},"ranges":[{"type":"GIT","repo":"https://github.com/triaxtec/openapi-python-client","events":[{"introduced":"0"},{"fixed":"f7a56aae32cba823a77a84a1f10400799b19c19a"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.3"}]}],"versions":["0.1.0.dev0","0.1.0","0.1.1","0.1.2","0.2.0","0.2.1","0.3.0","0.4.0rc1","0.4.0","0.4.1","0.4.2","0.5.0","0.5.1","0.5.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/openapi-python-client/PYSEC-2020-71.yaml"}}],"schema_version":"1.7.3"}