3 matches found
CVE-2023-38337
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...
CVE-2023-38337
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...
CVE-2023-38337
CVE-2023-38337 concerns rswag (Ruby gem) before 2.10.1. The issue arises because rswag-api can expose a file that is not the project’s OpenAPI/Swagger specification, enabling directory traversal and allowing remote attackers to read arbitrary JSON and YAML files. Affected software is rswag