15 matches found
EUVD-2023-2148
Malicious code in bioql PyPI...
CVE-2023-38337
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...
Directory Traversal
Overview: rswag is a package for generating beautiful API documentation directly from rspec integration tests. Affected versions of this package are vulnerable to Directory Traversal in api/middleware.rb, which is accessible via the rswag-api component. JSON and YAML other than the OpenAPI or Swagg...
GHSA-VC79-65PR-Q82V rswag vulnerable to arbitrary JSON and YAML file read via directory traversal
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...
CVE-2023-38337
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...
CVE-2023-38337
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...
CVE-2023-38337
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...
Directory traversal
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...
rswag path traversal vulnerability
rswag is an API from the rswag community that seamlessly adds Swagger to Rails-based projects. A security vulnerability exists in versions of rswag prior to 2.10.1, which stems from the fact that the rswag-api can expose a file that is not a project's OpenAPI or Swagger specification file, leadin...
CVE-2023-38337
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...
CVE-2023-38337
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...
CVE-2023-38337
CVE-2023-38337 concerns rswag (Ruby gem) before 2.10.1. The issue arises because rswag-api can expose a file that is not the project’s OpenAPI/Swagger specification, enabling directory traversal and allowing remote attackers to read arbitrary JSON and YAML files. Affected software is rswag
PT-2023-26371 · Rswag · Rswag
Name of the Vulnerable Software and Affected Versions: rswag versions prior to 2.10.1. Description: The issue allows remote attackers to read arbitrary JSON and YAML files via directory traversal. This occurs because rswag-api can expose a file that is not the OpenAPI or Swagger specification file...