CVE-2024-35219 PoC — OpenAPI Tools OpenAPI Generator Security Vulnerability

Associated Vulnerability
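Title: OpenAPI Tools OpenAPI Generator Security Vulnerability (CVE-2024-35219)
Description: OpenAPI Tools OpenAPI Generator is an OpenAPI generator. Given an OpenAPI specification (v2, v3), it automatically generates API client libraries (SDK generation), server stubs, documentation, configuration and more. OpenAPI Tools OpenAPI Generator versions before 7.6.0 contain a security vulnerability that stems from a path traversal; an attacker can exploit it to read and delete files and folders in an arbitrary writable directory.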
Description
OpenAPI Generator versions 7.5.0 and below are prone to an Arbitrary File Read/Delete vulnerability. Attackers can exploit this vulnerability to read and delete files and folders from an arbitrary, writable directory.
File Snapshot

id: CVE-2024-35219
info:
  name: OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete
  author: ...