Microsoft.OpenApi.Kiota is vulnerable to Path Traversal
67
Medium Risk
A path traversal vulnerability allowed attacker-controlled consumer identifiers (and related file reference/config keys) to escape the intended .kiota/documents namespace, enabling overwriting another consumer’s cached OpenAPI description. The fix adds strict validation of consumer identifiers/extensions, canonicalizes paths with GetFullPath, performs containment checks to prevent escaping the documents directory, and hardens file-reference parsing against percent-encoding/double-encoding, control chars (including NUL), and Unicode normalization bypasses.
You are affected if you are using a version that falls within the vulnerable range.
Microsoft.OpenApi.Kiota is vulnerable to Path Traversal in versions 1.15.0 - 1.33.0.
Upgrade the Microsoft.OpenApi.Kiota library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant