Microsoft.OpenApi.Kiota.Builder is vulnerable to Path Traversal
93
Critical Risk
Kiota writes the static_template.file value from the x-ai-adaptive-card and x-ai-capabilities OpenAPI extensions into a generated API plugin manifest without validating it. An attacker-controlled or tampered OpenAPI description can supply a .. traversal segment, absolute path, or URI, so the manifest's response_semantics.static_template.file references files outside the plugin package. When the generated plugin is deployed to a Microsoft 365 Copilot or Teams host, that host resolves the out-of-package path. The fix validates the reference as a relative path confined to the plugin output package and drops unsafe values.
You are affected if you are using a version that falls within the vulnerable range and you generate API plugin manifests from untrusted OpenAPI descriptions.
Microsoft.OpenApi.Kiota.Builder is vulnerable to Path Traversal in versions 0.0.1 - 1.32.4.
Upgrade the Microsoft.OpenApi.Kiota.Builder and/or the Microsoft.OpenApi.Kiota library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant