CVE-2017-1000208

A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:swagger:swagger-codegen:*:*:*:*:*:*:*:*
cpe:2.3:a:swagger:swagger-parser:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-11-17 02:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-1000208

Mitre link : CVE-2017-1000208

CVE.ORG link : CVE-2017-1000208


JSON object : View

Products Affected

swagger

  • swagger-codegen
  • swagger-parser
CWE
CWE-502

Deserialization of Untrusted Data