CVE-2023-27162

Name of the Vulnerable Software and Affected Versions openapi-generator versions up to v6.4.0

Description The issue is related to a Server-Side Request Forgery (SSRF) in the component "/api/gen/clients/{language}". This allows attackers to access network resources and sensitive information via a crafted API request.

Recommendations For versions up to v6.4.0, consider disabling the "/api/gen/clients/{language}" component until a patch is available. Restrict access to this component to minimize the risk of exploitation. Avoid using crafted API requests to the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.