Skip to content

Instantly share code, notes, and snippets.

@b33t1e
Created March 30, 2023 02:54
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save b33t1e/6121210ebd9efd4f693c73b830d8ab08 to your computer and use it in GitHub Desktop.
[description]
openapi-generator up to v6.4.0 was discovered to contain a Server-Side
Request Forgery (SSRF) via the component /api/gen/clients/{language}.
This vulnerability allows attackers to access network resources and
sensitive information via a crafted API request.
>
------------------------------------------
>
[VulnerabilityType Other]
Server-Side Request Forgery (SSRF)
>
------------------------------------------
>
[Vendor of Product]
https://github.com/OpenAPITools/openapi-generator
>
------------------------------------------
>
[Affected Product Code Base]
openapi-generator - <= v6.4.0
>
------------------------------------------
>
[Affected Component]
The API endpoints /api/gen/clients/{language}, /api/gen/servers/{framework} are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the openAPIUrl parameter.
>
------------------------------------------
>
[Attack Type]
Remote
>
------------------------------------------
>
[Impact Escalation of Privileges]
true
>
------------------------------------------
>
[Impact Information Disclosure]
true
>
------------------------------------------
>
[Attack Vectors]
POC: POST /api/gen/clients/{language} API with payload - "openAPIUrl": "https://dnslog_ip/petstore.yaml"
details can be seen: https://notes.sjtu.edu.cn/s/2_yki_2Xq
>
------------------------------------------
>
[Discoverer]
beet1e
>
------------------------------------------
>
[Reference]
http://openapi-generator.com
https://github.com/OpenAPITools/openapi-generator
https://notes.sjtu.edu.cn/s/2_yki_2Xq
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment