21 matches found
CVE-2026-54607
FastGPT exposed an SSRF issue in the HTTP-tool OpenAPI schema importer prior to 4.15.0-beta4. The importer validates only the top-level URL before handing refs to SwaggerParser.bundle, whose resolver can fetch and inline $ref URLs bypassing FastGPT’s internal-address guard, enabling an authentica...
EUVD-2018-0697
Malware in sbrugna...
EUVD-2018-0659
Malware in sbrugna...
Deserialization of Untrusted Data in swagger-parser
A vulnerability in Swagger-Parser's version = 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen = 2.2.2 and can lead to...
be.fluid-it.tools.swagger:swagger-ng-module-codegen (>=0.1-1 <=0.1-5), ch.docksnet.codegen:decoupledspringmvc-swagger-codegen (=0.0.2) +163 more potentially affected by CVE-2017-1000207 +1 more via io.swagger:swagger-parser (>=1.0.0 <=1.0.30)
io.swagger:swagger-parser MAVEN version =1.0.0, =0.1-1, =1.0.2, =1.0.2, =1.1.0, =1.0.2, =1.0.2, =1.2.0, =1.0.2, =0.0.1, =0.0.1, =1.1, =1.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2017-1000207, CVE-2017-1000208 Source advisory: OSV:GHSA-Q7PF-QR96-2VQ5https://vulners...
GHSA-Q7PF-QR96-2VQ5 Deserialization of Untrusted Data in swagger-parser
A vulnerability in Swagger-Parser's version = 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen = 2.2.2 and can lead to...
Deserialization of Untrusted Data in swagger-codegen
A vulnerability in Swagger-Parser's version = 1.0.30 and Swagger codegen version = 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
be.fluid-it.tools.swagger:swagger-ng-module-codegen (>=0.1-1 <=0.1-5), ch.docksnet.codegen:decoupledspringmvc-swagger-codegen (=0.0.2) +163 more potentially affected by CVE-2017-1000207 +1 more via io.swagger:swagger-parser (>=1.0.0 <=1.0.30)
io.swagger:swagger-parser MAVEN version =1.0.0, =0.1-1, =1.0.2, =1.0.2, =1.1.0, =1.0.2, =1.0.2, =1.2.0, =1.0.2, =0.0.1, =0.0.1, =1.1, =1.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2017-1000207, CVE-2017-1000208 Source advisory: OSV:GHSA-VGVF-9JH3-FG75https://vulners...
GHSA-VGVF-9JH3-FG75 Deserialization of Untrusted Data in swagger-codegen
A vulnerability in Swagger-Parser's version = 1.0.30 and Swagger codegen version = 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
Swagger Parser and Swagger codegen arbitrary code execution vulnerability
Swagger Parser is a Swagger cross-language REST API interface parser. swagger codegen is an API development tool. An arbitrary code execution vulnerability exists in the yaml parsing feature in Swagger Parser 1.0.30 and earlier and Swagger codegen 2.2.2 and earlier. An attacker can exploit this...
CVE-2017-1000207
A vulnerability in Swagger-Parser's version = 1.0.30 and Swagger codegen version = 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
CVE-2017-1000207
A vulnerability in Swagger-Parser's version = 1.0.30 and Swagger codegen version = 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
Design/Logic Flaw
A vulnerability in Swagger-Parser's version = 1.0.30 and Swagger codegen version = 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
CVE-2017-1000207
A vulnerability in Swagger-Parser's version = 1.0.30 and Swagger codegen version = 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
CVE-2017-1000207
CVE-2017-1000207 concerns a vulnerability in Swagger-Parser (<= 1.0.30) and Swagger Codegen (
Swagger-Parser's and swagger-codegen Arbitrary Code Execution Vulnerabilities
Swagger-Parser's is a Swagger cross-language REST API interface parser. swagger-codegen is an API development tool. A security vulnerability exists in Swagger-Parser's 1.0.30 and earlier and swagger-codegen 2.2.2 and earlier. An attacker can exploit the vulnerability to execute arbitrary code...
CVE-2017-1000208
A vulnerability in Swagger-Parser's version = 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen = 2.2.2 and can lead to...
CVE-2017-1000208
A vulnerability in Swagger-Parser's version = 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen = 2.2.2 and can lead to...
Design/Logic Flaw
A vulnerability in Swagger-Parser's version = 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen = 2.2.2 and can lead to...
CVE-2017-1000208
CVE-2017-1000208 involves Swagger-Parser 1.0.30 and earlier with YAML parsing that enables arbitrary code execution when processing crafted OpenAPI specs. It impacts Swagger Codegen commands generate/validate (