PT-2024-5292 · Unknown · Openapi Generator

Stefan-Schiller-Sonarsource · Published 2024-05-27 · Updated 2024-10-22 · CVE-2024-35219

CVSS v2.0: 8.7 (High)
Vector: AV:N/AC:L/Au:S/C:P/I:C/A:C
Name of the Vulnerable Software and Affected Versions: OpenAPI Generator versions prior to 7.6.0

Description: The issue is an improper limitation of a pathname to a restricted directory (path traversal). Exploitation may allow a remote attacker to bypass security restrictions and gain read, modify, or delete access to data via the outputFolder option, which can lead to reading and deleting files and folders in an arbitrary writable directory.

Recommendations: For versions prior to 7.6.0, update to version 7.6.0 or later, which removes the outputFolder option and thus fixes the issue. As a temporary workaround, consider restricting access to the outputFolder option to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Path traversal

Related Identifiers

BDU:2024-05914
CVE-2024-35219
GHSA-G3HR-P86P-593H

Affected Products

Openapi Generator