CVE-2023-27162

CVSS v3.1 9.1 (Critical)

EPSS 0.11 % (45^th)

Affected Products 1

Advisories 1

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

Weaknesses

CWE-918: Server-Side Request Forgery (SSRF)

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2023-03-31 20:15:07
(17 months ago)
Updated Date: 2023-04-07 01:40:43
(17 months ago)

Affected Products

Openapi-generator

Openapi Generator

Configuration #1

		CPE23	From	Up To
	Openapi-generator Openapi Generator 6.4.0 and prior versions	cpe:2.3:a:openapi-generator:openapi_generator		<= 6.4.0