20 matches found
EUVD-2018-0659
Malware in sbrugna...
EUVD-2018-0697
Malware in sbrugna...
Deserialization of Untrusted Data in swagger-parser
A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen <= 2.2.2 and can lead to...
GHSA-Q7PF-QR96-2VQ5 Deserialization of Untrusted Data in swagger-parser
A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen <= 2.2.2 and can lead to...
be.fluid-it.tools.swagger:swagger-ng-module-codegen (>=0.1-1 <=0.1-5), ch.docksnet.codegen:decoupledspringmvc-swagger-codegen (=0.0.2) +163 more potentially affected by CVE-2017-1000207 +1 more via io.swagger:swagger-parser (>=1.0.0 <=1.0.30)
io.swagger:swagger-parser MAVEN version =1.0.0, =0.1-1, =1.0.2, =1.0.2, =1.1.0, =1.0.2, =1.0.2, =1.2.0, =1.0.2, =0.0.1, =0.0.1, =1.1, =1.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2017-1000207, CVE-2017-1000208 Source advisory: OSV:GHSA-Q7PF-QR96-2VQ5 https://vulners...
GHSA-VGVF-9JH3-FG75 Deserialization of Untrusted Data in swagger-codegen
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
Deserialization of Untrusted Data in swagger-codegen
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
be.fluid-it.tools.swagger:swagger-ng-module-codegen (>=0.1-1 <=0.1-5), ch.docksnet.codegen:decoupledspringmvc-swagger-codegen (=0.0.2) +163 more potentially affected by CVE-2017-1000207 +1 more via io.swagger:swagger-parser (>=1.0.0 <=1.0.30)
io.swagger:swagger-parser MAVEN version =1.0.0, =0.1-1, =1.0.2, =1.0.2, =1.1.0, =1.0.2, =1.0.2, =1.2.0, =1.0.2, =0.0.1, =0.0.1, =1.1, =1.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2017-1000207, CVE-2017-1000208 Source advisory: OSV:GHSA-VGVF-9JH3-FG75 https://vulners...
Swagger Parser and Swagger codegen arbitrary code execution vulnerability
Swagger Parser is a Swagger cross-language REST API interface parser. Swagger codegen is an API development tool. An arbitrary code execution vulnerability exists in the YAML parsing feature in Swagger Parser 1.0.30 and earlier and Swagger codegen 2.2.2 and earlier. An attacker can exploit this...
CVE-2017-1000207
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
CVE-2017-1000207
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
Design/Logic Flaw
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
CVE-2017-1000207
CVE-2017-1000207 concerns a vulnerability in Swagger-Parser (<= 1.0.30) and Swagger Codegen (
CVE-2017-1000207
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
Swagger-Parser and swagger-codegen Arbitrary Code Execution Vulnerabilities
Swagger-Parser is a Swagger cross-language REST API interface parser. swagger-codegen is an API development tool. A security vulnerability exists in Swagger-Parser 1.0.30 and earlier and swagger-codegen 2.2.2 and earlier. An attacker can exploit the vulnerability to execute arbitrary code...
CVE-2017-1000208
A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen <= 2.2.2 and can lead to...
CVE-2017-1000208
A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen <= 2.2.2 and can lead to...
Design/Logic Flaw
A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen <= 2.2.2 and can lead to...
CVE-2017-1000208
A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen <= 2.2.2 and can lead to...
CVE-2017-1000208
CVE-2017-1000208 involves Swagger-Parser 1.0.30 and earlier with YAML parsing that enables arbitrary code execution when processing crafted OpenAPI specs. It impacts Swagger Codegen commands generate/validate (