How severe is CVE-2024-35219?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.3 out of 10.

What type of vulnerability is CVE-2024-35219?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2024-35219 - HIGH Severity | CVSS 8.3

Vulnerability Description

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available.

Related Vulnerabilities

CVE-2021-27275

HIGH

CVSS:8.3(High)

This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authen...

CWE-222021

CVE-2021-29492

HIGH

CVSS:8.3(High)

Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path wit...

CWE-222021

CVE-2023-42130

HIGH

CVSS:8.3(High)

A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability. This vulnerability allows remote attackers to read and delete arbitrary files on affected installatio...

CWE-222023

CVE-2023-46496

HIGH

CVSS:8.3(High)

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoi...

CWE-222023

CVE-2024-21677

HIGH

CVSS:8.3(High)

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attac...

CWE-222024

CVE-2024-23468

HIGH

CVSS:8.3(High)

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file dele...

CWE-222024