491 matches found
Analyzing Go Vendoring with BigQuery
GitHub published a snapshot of all the public open-source repositories to BigQuery and Francesc used it to draw some cool statistics about Go projects. I used the same dataset to analyze how the Go ecosystem does vendoring. Disclosure: there's some ego stroking here, as I'm the author of gvt. Try...
Swagger Remote Code Execution Vulnerability
Swagger is a specification and complete framework for generating, describing, invoking and visualizing RESTful style web services. A remote code execution vulnerability exists in Swagger, where parameters of Swagger JSON, YAML files are injected, allowing an attacker to exploit the vulnerability ...
Swagger exposed a remote code execution vulnerability affects Java, PHP, NodeJS and many other development languages-vulnerability warning-the black bar safety net
Vulnerability description The Swagger specification is widely used in Html, PHP, Java and Ruby and other popular languages to develop applications, which has recently been exposed a remote code execution vulnerability, the potential impact on Java, PHP, NodeJS and Ruby and other popular languages...
IBM WebSphere Application Server Privilege Acquisition Vulnerability
IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. Liberty Profile is a dynamic server profile for WAS. A privilege acquisition vulnerability exists in IBM WAS Liberty Profile version 8.5.5, which can be exploited to gain user...
Swagger 通过参数注入远程代码执行漏洞
详情来源: R7-2016-06 This disclosure will address a class of vulnerabilities in a Swagger Code Generator in which injectable parameters in a Swagger JSON or YAML file facilitate remote code execution. This vulnerability applies to NodeJS, PHP, Ruby, and Java and probably other languages as well. Othe...
JSON Swagger CodeGen Parameter Injector
This module generates an Open API Specification 2.0 Swagger compliant json document that includes payload insertion points in parameters. In order for the payload to be executed, an attacker must convince someone to generate code from a specially modified swagger.json file within a vulnerable...
Swagger Vulnerability Leads to Arbitrary Code Injection
An unexpected behavior in a relatively new and popular open source API framework called Swagger could lead to code execution, researchers at Rapid7 said. The company today disclosed some details on the vulnerability, and released a Metasploit exploit module and a proposed patch written by...
Urban Dictionary: Infinite Upvoting/Downvoting: Lockout Bypass, Plus: Exposed API Documentation
By sending an extra parameter kind=1 in the upvote/downvote API request, a user can vote as many times as he wants without any IP address restriction: http://api.urbandictionary.com/v0/vote?kind=1&direction=up&defid=94413 Seems harmless enough, but your site does depend on the accuracy of the...
book-monkey2-api.angular2buch.de XSS vulnerability
Vulnerable URL: http://book-monkey2-api.angular2buch.de/swagger-ui/?url=https://gist.githubusercontent.com/anonymous/4a5ece3c91b803536c3a81811af24225/raw/cb666406da086e666a74cf9219fcdc2e07100d9f/5742c4bee4b01190df6d640c.json Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type...
kubernetes.io XSS vulnerability
Vulnerable URL: http://kubernetes.io/kubernetes/thirdparty/swagger-ui/?url=https://gist.githubusercontent.com/anonymous/4a5ece3c91b803536c3a81811af24225/raw/cb666406da086e666a74cf9219fcdc2e07100d9f/5742c4bee4b01190df6d640c.json Details: Description| Value ---|--- Patched:| No Latest check for...
Swagger Editor 2.9.9 Cross Site Scripting
Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Swagger Editor Vendor URL: https://github.com/swagger-api/swagger-editor Type: Cross-Site Scripting CWE-79 Date found:...