Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.openapitools/openapi-generator-online@3.2.2
Type maven
Namespace org.openapitools
Name openapi-generator-online
Version 3.2.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 7.6.0
Latest_non_vulnerable_version 7.6.0
Affected_by_vulnerabilities
0
url VCID-53pf-zr8e-47fm
vulnerability_id VCID-53pf-zr8e-47fm
summary
OpenAPI Generator Online - Arbitrary File Read/Delete
Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35219.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35219.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35219
reference_id
reference_type
scores
0
value 0.40124
scoring_system epss
scoring_elements 0.97423
published_at 2026-06-09T12:55:00Z
1
value 0.40124
scoring_system epss
scoring_elements 0.9742
published_at 2026-06-07T12:55:00Z
2
value 0.40124
scoring_system epss
scoring_elements 0.97421
published_at 2026-06-06T12:55:00Z
3
value 0.40124
scoring_system epss
scoring_elements 0.97422
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35219
2
reference_url https://github.com/OpenAPITools/openapi-generator
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/OpenAPITools/openapi-generator
3
reference_url https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T16:27:13Z/
url https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d
4
reference_url https://github.com/OpenAPITools/openapi-generator/pull/18652
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T16:27:13Z/
url https://github.com/OpenAPITools/openapi-generator/pull/18652
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2283564
reference_id 2283564
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2283564
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-35219
reference_id CVE-2024-35219
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-35219
7
reference_url https://github.com/advisories/GHSA-g3hr-p86p-593h
reference_id GHSA-g3hr-p86p-593h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g3hr-p86p-593h
8
reference_url https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h
reference_id GHSA-g3hr-p86p-593h
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T16:27:13Z/
url https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h
fixed_packages
0
url pkg:maven/org.openapitools/openapi-generator-online@7.6.0
purl pkg:maven/org.openapitools/openapi-generator-online@7.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.openapitools/openapi-generator-online@7.6.0
aliases CVE-2024-35219, GHSA-g3hr-p86p-593h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53pf-zr8e-47fm
1
url VCID-a7c8-8hfw-1fe2
vulnerability_id VCID-a7c8-8hfw-1fe2
summary
Improper Privilege Management
OpenAPI Generator is a Java tool that generates API client libraries (SDK generation), server stubs, documentation and configuration automatically from an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation process. The insecure temporary folders store the auto-generated files, which can be read and appended to by any user on the system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21428
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15981
published_at 2026-06-05T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.15864
published_at 2026-06-09T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.15843
published_at 2026-06-08T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.15928
published_at 2026-06-07T12:55:00Z
4
value 0.0005
scoring_system epss
scoring_elements 0.15897
published_at 2026-06-04T12:55:00Z
5
value 0.0005
scoring_system epss
scoring_elements 0.15971
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21428
1
reference_url https://github.com/OpenAPITools/openapi-generator
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/OpenAPITools/openapi-generator
2
reference_url https://github.com/OpenAPITools/openapi-generator/blob/c6530519975341d7784a252132b2f0854f488901/modules/openapi-generator-online/src/main/java/org/openapitools/codegen/online/service/Generator.java#L184-L187
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/OpenAPITools/openapi-generator/blob/c6530519975341d7784a252132b2f0854f488901/modules/openapi-generator-online/src/main/java/org/openapitools/codegen/online/service/Generator.java#L184-L187
3
reference_url https://github.com/OpenAPITools/openapi-generator/pull/8788
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/OpenAPITools/openapi-generator/pull/8788
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21428
reference_id CVE-2021-21428
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21428
5
reference_url https://github.com/advisories/GHSA-23x4-m842-fmwf
reference_id GHSA-23x4-m842-fmwf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-23x4-m842-fmwf
6
reference_url https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-23x4-m842-fmwf
reference_id GHSA-23x4-m842-fmwf
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-23x4-m842-fmwf
7
reference_url https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-pc22-3g76-gm6j
reference_id GHSA-pc22-3g76-gm6j
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-pc22-3g76-gm6j
fixed_packages
0
url pkg:maven/org.openapitools/openapi-generator-online@5.1.0
purl pkg:maven/org.openapitools/openapi-generator-online@5.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-53pf-zr8e-47fm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.openapitools/openapi-generator-online@5.1.0
aliases CVE-2021-21428, GHSA-23x4-m842-fmwf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7c8-8hfw-1fe2
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.openapitools/openapi-generator-online@3.2.2