Vulnerability Description
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openapi-Generator | Openapi Generator | <= 6.4.0 |
Related Weaknesses (CWE)
References
- http://openapi-generator.comProduct
- https://gist.github.com/b33t1e/6121210ebd9efd4f693c73b830d8ab08Third Party Advisory
- https://github.com/OpenAPITools/openapi-generatorProduct
- https://notes.sjtu.edu.cn/s/2_yki_2XqExploitThird Party Advisory
- http://openapi-generator.comProduct
- https://gist.github.com/b33t1e/6121210ebd9efd4f693c73b830d8ab08Third Party Advisory
- https://github.com/OpenAPITools/openapi-generatorProduct
- https://notes.sjtu.edu.cn/s/2_yki_2XqExploitThird Party Advisory
- https://gist.github.com/b33t1e/6121210ebd9efd4f693c73b830d8ab08Third Party Advisory
FAQ
What is CVE-2023-27162?
CVE-2023-27162 is a vulnerability with a CVSS score of 9.1 (CRITICAL). openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resou...
How severe is CVE-2023-27162?
CVE-2023-27162 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-27162?
Check the references section above for vendor advisories and patch information. Affected products include: Openapi-Generator Openapi Generator.