159 matches found
org.zalando.stups:spring-boot-stups-swagger-codegen-ui (>=0.4.4 <=0.5.0-beta-1) potentially affected by CVE-2019-17495 via io.springfox:springfox-swagger-ui (=2.0.1)
io.springfox:springfox-swagger-ui MAVEN version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on io.springfox:springfox-swagger-ui and may be impacted: - org.zalando.stups:spring-boot-stups-swagger-codegen-ui =0.4.4, =0.5.0-beta-1 Source cves:...
Deserialization of Untrusted Data in swagger-parser
A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen <= 2.2.2 and can lead to...
be.fluid-it.tools.swagger:swagger-ng-module-codegen (>=0.1-1 <=0.1-5), ch.docksnet.codegen:decoupledspringmvc-swagger-codegen (=0.0.2) +15 more potentially affected by CVE-2017-1000207 +1 more via io.swagger:swagger-codegen (>=2.1.1 <=2.2.1)
io.swagger:swagger-codegen MAVEN version =2.1.1, =0.1-1, =1.1, =2.1.3, =2.1.1, =1.0, =1.6.0, =0.4.2, =0.4.2, =0.4.2, =0.5.0-beta-1 and more Source cves: CVE-2017-1000207, CVE-2017-1000208 Source advisory: OSV:GHSA-Q7PF-QR96-2VQ5...
GHSA-VGVF-9JH3-FG75 Deserialization of Untrusted Data in swagger-codegen
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
Deserialization of Untrusted Data in swagger-codegen
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
be.fluid-it.tools.swagger:swagger-ng-module-codegen (>=0.1-1 <=0.1-5), ch.docksnet.codegen:decoupledspringmvc-swagger-codegen (=0.0.2) +15 more potentially affected by CVE-2017-1000207 +1 more via io.swagger:swagger-codegen (>=2.1.1 <=2.2.1)
io.swagger:swagger-codegen MAVEN version =2.1.1, =0.1-1, =1.1, =2.1.3, =2.1.1, =1.0, =1.6.0, =0.4.2, =0.4.2, =0.4.2, =0.5.0-beta-1 and more Source cves: CVE-2017-1000207, CVE-2017-1000208 Source advisory: OSV:GHSA-VGVF-9JH3-FG75...
Swagger Parser and Swagger codegen arbitrary code execution vulnerability
Swagger Parser is a Swagger cross-language REST API interface parser. swagger codegen is an API development tool. An arbitrary code execution vulnerability exists in the yaml parsing feature in Swagger Parser 1.0.30 and earlier and Swagger codegen 2.2.2 and earlier. An attacker can exploit this...
CVE-2017-1000207
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
Design/Logic Flaw
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
CVE-2017-1000207
CVE-2017-1000207 concerns a vulnerability in Swagger-Parser (<= 1.0.30) and Swagger Codegen (
CVE-2017-1000207
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
Swagger-Parser and swagger-codegen Arbitrary Code Execution Vulnerabilities
Swagger-Parser is a Swagger cross-language REST API interface parser. swagger-codegen is an API development tool. A security vulnerability exists in Swagger-Parser 1.0.30 and earlier and swagger-codegen 2.2.2 and earlier. An attacker can exploit the vulnerability to execute arbitrary code...
CVE-2017-1000208
A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen <= 2.2.2 and can lead to...
Design/Logic Flaw
A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen <= 2.2.2 and can lead to...
shopify-scripts: Double free of filename after codegen error
The following program causes a double free of irep-filename after a codegen error is triggered. I've poked at it a bit and it doesn't seem exploitable because the second free happens near the end of the program and there don't appear to be any overflows or useful heap control available. However, I...
shopify-scripts: Segmentation fault due to invalid memory access in codegen when using break with the 127th argument a constant
Crash file is: break 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,CRASH This is 126 0's,...
shopify-scripts: Null pointer dereference due to bug in codegen with negation without using value
Crash file is: p case when nil -0 nil end $ ./dev/bin/mruby crash.rb crash.rb:1:3: '' interpreted as argument prefix Segmentation fault: 11 $ lldb ./dev/bin/mruby crash.rb (lldb) target create "./dev/bin/mruby" Current executable set to './dev/bin/mruby' (x86_64). (lldb) settings set -- target.run-args...
Hack Codegen - Facebook Open-Sources Code That Writes Code
Good news for Open Source Lovers! Facebook has open-sourced Hack Codegen – its library for automatically generating Hack code, allowing outside developers to automate some of their routine work while developing large programs. Hack is Facebook's own programming language designed to build...
CVE-2014-3152
CVE-2014-3152 affects Google V8’s ARM codegen path. An integer underflow in LCodeGen::PrepareKeyedOperand (arm/lithium-codegen-arm.cc) in V8 builds used by Chrome before 35.0.1916.114 allows remote denial of service via vectors triggering a negative key value. Public reports indicate patches were...