CVE-2021-21364

MEDIUM

swagger-codegen < 2.4.19 - Insecure Temporary File Permissions

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-21364. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary This repository contains a vulnerable version of Swagger Codegen (CVE-2021-21364) with scripts to generate and test code for various languages. The presence of multiple language-specific scripts and a Dockerfile suggests it is a functional PoC for demonstrating the vulnerability.

Description

swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary directory is shared between all local users. When files/directories are created, the default `umask` settings for the process are respected. As a result, by default, most processes/apis will create files/directories with the permissions `-rw-r--r--` and `drwxr-xr-x` respectively, unless an API that explicitly sets safe file permissions is used. Because this vulnerability impacts generated code, the generated code will remain vulnerable until fixed manually! This vulnerability is fixed in version 2.4.19. Note this is a distinct vulnerability from CVE-2021-21363.

Exploits (2)

nomisec WORKING POC

by dawetmaster · poc

https://github.com/dawetmaster/CVE-2021-21364-swagger-codegen-vulnerable

View Code ZIP pw:eip

This repository contains a vulnerable version of Swagger Codegen (CVE-2021-21364) with scripts to generate and test code for various languages. The presence of multiple language-specific scripts and a Dockerfile suggests it is a functional PoC for demonstrating the vulnerability.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Swagger Codegen

No auth needed

Prerequisites: Swagger Codegen installation · Docker for running the vulnerable environment

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Mar 14, 2026 Full analysis →

nomisec WORKING POC

by andikahilmy · poc

https://github.com/andikahilmy/CVE-2021-21364-swagger-codegen-vulnerable

View Code ZIP pw:eip

This repository contains a vulnerable version of Swagger Codegen (CVE-2021-21364), which is susceptible to arbitrary code execution during code generation due to improper handling of user-supplied templates. The repository includes scripts and configurations to reproduce the vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Swagger Codegen < 3.0.23

No auth needed

Prerequisites: Access to a vulnerable Swagger Codegen instance · Ability to supply malicious templates

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Mitigation, Third Party Advisory x_refsource_confirm

https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-hpv8-9rq5-hq7w

Patch, Third Party Advisory x_refsource_misc

https://github.com/swagger-api/swagger-codegen/commit/35adbd552d5f99b3ff1e0e59da228becc85190f2

View Patch ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0007

EPSS Percentile 21.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

Details

CWE

CWE-378 CWE-200 CWE-732

Status published

Products (2)

io.swagger/swagger-codegen 0 - 2.4.19Maven

smartbear/swagger-codegen < 2.4.19

Published Mar 11, 2021

Tracked Since Feb 18, 2026