CVE-2020-15142 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2020-15142

CVE-2020-15142

Published:August 14, 2020

Updated:May 17, 2026

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.

Affected Packages

openapi-python-client (PYTHON):

Affected version(s) >=0.1.0 <0.5.3

Fix Suggestion:

Update to version 0.5.3

Related Resources (10)

https://pypi.org/project/openapi-python-client

https://github.com/openapi-generators/openapi-python-client

https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13

https://github.com/openapi-generators/openapi-python-client/commit/f7a56aae32cba823a77a84a1f10400799b19c19a

https://pypi.org/project/openapi-python-client/

https://github.com/openapi-generators/openapi-python-client/releases/tag/v.0.5.3

https://nvd.nist.gov/vuln/detail/CVE-2020-15142

https://github.com/triaxtec/openapi-python-client/commit/f7a56aae32cba823a77a84a1f10400799b19c19a

https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-9x4c-63pf-525f

https://github.com/pypa/advisory-database/tree/main/vulns/openapi-python-client/PYSEC-2020-71.yaml

Do you need more information?

CVSS v4

Base Score:

8.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

HIGH

Subsequent System Integrity

HIGH

Subsequent System Availability

HIGH

CVSS v3

Base Score:

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

EPSS

Base Score:

0.76