rswag vulnerable to arbitrary JSON and YAML file read via directory traversal

Main / rswag vulnerable to arbitrary JSON and YAML file read via directory traversal

Discription

rswag before 2.10.1 allows remote attackers to read arbitrary JSON and
YAML files via directory traversal, because rswag-api can expose a file that is
not the OpenAPI (or Swagger) specification file of a project.Read More

References

Back to Main

Subscribe for the latest news: