28 matches found
EUVD-2021-0669
Malware in sbrugna...
EUVD-2021-0688
Malware in sbrugna...
EUVD-2018-0697
Malware in sbrugna...
Information Disclosure
swagger-codegen is vulnerable to information disclosure. The vulnerability exists when the code is generated as a one-off occasion, and is not part of an automated CI/CD process, where the insecure File.createTempFile is used to create temporary files in multiple locations...
CVE-2021-21364
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary...
CVE-2021-21364
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary...
CVE-2021-21363
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the system's temporary...
CVE-2021-21363
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the system's temporary...
Design/Logic Flaw
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary...
ai.konduit.serving:konduit-serving-clients (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-distro-bom (>=0.0.2 <=0.3.0) +195 more potentially affected by CVE-2021-21364 via io.swagger:swagger-codegen (>=2.1.1 <=2.4.18)
io.swagger:swagger-codegen MAVEN version =2.1.1, =0.0.2, =0.0.2, =0.1-1, =1.1, =0.1.13, =1.0.1, =1.1, =1.3, =0.12, =1.1.6, =1.1.7 and more Source cves: CVE-2021-21364 Source advisory: OSV:GHSA-HPV8-9RQ5-HQ7W...
ai.konduit.serving:konduit-serving-clients (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-distro-bom (>=0.0.2 <=0.3.0) +195 more potentially affected by CVE-2021-21363 via io.swagger:swagger-codegen (>=2.1.1 <=2.4.18)
io.swagger:swagger-codegen MAVEN version =2.1.1, =0.0.2, =0.0.2, =0.1-1, =1.1, =0.1.13, =1.0.1, =1.1, =1.3, =0.12, =1.1.6, =1.1.7 and more Source cves: CVE-2021-21363 Source advisory: OSV:GHSA-PC22-3G76-GM6J...
CVE-2021-21363
CVE-2021-21363 affects swagger-codegen prior to 2.4.19, where Unix-like systems share a global temporary directory. A collocated user can observe the creation of a temporary subdirectory in the shared temp dir and racing to complete its creation enables local privilege escalation by potentially a...
CVE-2021-21364
CVE-2021-21364 affects the open-source project swagger-codegen. On Unix-like systems, prior to version 2.4.19, a shared system temporary directory allows a local attacker to observe or exploit the creation of temporary files/directories with default permissions, enabling potential data exposure o...
PT-2021-14446 · Oracle · Jdk
Name of the Vulnerable Software and Affected Versions: swagger-codegen versions prior to 2.4.19 Description: The issue affects generated code, which remains vulnerable until manually fixed. On Unix-Like systems, the system temporary directory is shared between all local users. When...
HugoMario swagger-codegen 信息泄露漏洞
HugoMario swagger-codegen is an application from HugoMario. It is used to automatically generate API client libraries generate SDKs, server stubs and documentation given an OpenAPI Spec. An information disclosure vulnerability exists in Swagger-codegen version 2.4.19. The vulnerability stems from...
Deserialization of Untrusted Data in swagger-parser
A vulnerability in Swagger-Parser's version = 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen = 2.2.2 and can lead to...
be.fluid-it.tools.swagger:swagger-ng-module-codegen (>=0.1-1 <=0.1-5), ch.docksnet.codegen:decoupledspringmvc-swagger-codegen (=0.0.2) +15 more potentially affected by CVE-2017-1000207 +1 more via io.swagger:swagger-codegen (>=2.1.1 <=2.2.1)
io.swagger:swagger-codegen MAVEN version =2.1.1, =0.1-1, =1.1, =2.1.3, =2.1.1, =1.0, =1.6.0, =0.4.2, =0.4.2, =0.4.2, =0.5.0-beta-1 and more Source cves: CVE-2017-1000207, CVE-2017-1000208 Source advisory: OSV:GHSA-Q7PF-QR96-2VQ5...
GHSA-VGVF-9JH3-FG75 Deserialization of Untrusted Data in swagger-codegen
A vulnerability in Swagger-Parser's version = 1.0.30 and Swagger codegen version = 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
Deserialization of Untrusted Data in swagger-codegen
A vulnerability in Swagger-Parser's version = 1.0.30 and Swagger codegen version = 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
be.fluid-it.tools.swagger:swagger-ng-module-codegen (>=0.1-1 <=0.1-5), ch.docksnet.codegen:decoupledspringmvc-swagger-codegen (=0.0.2) +15 more potentially affected by CVE-2017-1000207 +1 more via io.swagger:swagger-codegen (>=2.1.1 <=2.2.1)
io.swagger:swagger-codegen MAVEN version =2.1.1, =0.1-1, =1.1, =2.1.3, =2.1.1, =1.0, =1.6.0, =0.4.2, =0.4.2, =0.4.2, =0.5.0-beta-1 and more Source cves: CVE-2017-1000207, CVE-2017-1000208 Source advisory: OSV:GHSA-VGVF-9JH3-FG75...