Lucene search
GoogleOSV:GHSA-Q7PF-QR96-2VQ5HistoryOct 19, 2018 - 4:46 p.m.
Deserialization of Untrusted Data in swagger-parser
2018-10-1916:46:41
Google
osv.dev
6
0.002 Low
EPSS
Percentile
53.0%
A vulnerability in Swagger-Parser’s (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the ‘generate’ and ‘validate’ command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.
Related
osv
osv
Deserialization of Untrusted Data in swagger-codegen
2018-10-19 16:46:30
veracode
veracode
Arbitrary Code Execution
2017-11-15 06:57:45
Arbitrary Code Execution
2017-11-15 07:50:43
github
github
Deserialization of Untrusted Data in swagger-codegen
2018-10-19 16:46:30
Deserialization of Untrusted Data in swagger-parser
2018-10-19 16:46:41
prion
prion
Design/Logic Flaw
2017-11-27 15:29:00
Design/Logic Flaw
2017-11-17 02:29:00
cve
cve
CVE-2017-1000207
2017-11-27 15:29:00
CVE-2017-1000208
2017-11-17 02:29:01
nvd
nvd
CVE-2017-1000207
2017-11-27 15:29:00
CVE-2017-1000208
2017-11-17 02:29:01
cvelist
cvelist
CVE-2017-1000208
2017-11-17 02:00:00
CVE-2017-1000207
2017-11-27 15:00:00