Lucene search
PRIOn knowledge basePRION:CVE-2017-1000208HistoryNov 17, 2017 - 2:29 a.m.
Design/Logic Flaw
2017-11-1702:29:00
PRIOn knowledge base
www.prio-n.com
6
A vulnerability in Swagger-Parser’s (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the ‘generate’ and ‘validate’ command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.
| CPE | Name | Operator | Version |
|---|---|---|---|
| swagger-codegen | le | 2.2.2 | |
| swagger-parser | le | 1.0.30 |
Related
veracode
veracode
Arbitrary Code Execution
2017-11-15 06:57:45
github
github
Deserialization of Untrusted Data in swagger-parser
2018-10-19 16:46:41
cvelist
cvelist
CVE-2017-1000208
2017-11-17 02:00:00
nvd
nvd
CVE-2017-1000208
2017-11-17 02:29:01
cve
cve
CVE-2017-1000208
2017-11-17 02:29:01
osv
osv
Deserialization of Untrusted Data in swagger-codegen
2018-10-19 16:46:30
Deserialization of Untrusted Data in swagger-parser
2018-10-19 16:46:41