GHSA-vc79-65pr-q82v: rswag vulnerable to arbitrary JSON and YAML file read via directory traversal

rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.

Moderate severity • GitHub Reviewed • Published Jul 15, 2023 to the GitHub Advisory Database • Updated Jul 17, 2023
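
The containment check that stops this class of traversal when serving spec files from a fixed root, as an added Ruby example; it is not rswag's code or its actual patch. `naive_lookup`, `resolve_spec_file`, `demo` and the directory layout are hypothetical and constructed for illustration.

```ruby
require 'pathname'
require 'tmpdir'
require 'fileutils'

SPEC_EXTENSIONS = %w[.json .yaml .yml].freeze

# Hypothetical "before": joins the request path onto the root with no
# containment check, so "../" segments and symlinks can leave the spec root.
def naive_lookup(spec_root, request_path)
  filename = File.join(spec_root, request_path)
  File.file?(filename) ? filename : nil
end

# Hypothetical "after": returns the real path only if it is a JSON/YAML file
# that still lies inside spec_root once ".." and symlinks are resolved.
def resolve_spec_file(spec_root, request_path)
  return nil if request_path.include?("\0")

  root = Pathname.new(spec_root).realpath
  candidate = root.join(request_path.sub(%r{\A/+}, ''))
  return nil unless SPEC_EXTENSIONS.include?(candidate.extname.downcase)
  return nil unless candidate.file?

  real = candidate.realpath.to_s
  real.start_with?(root.to_s + File::SEPARATOR) ? real : nil
end

# Constructed layout: one spec file inside the root, one settings file outside
# it, and a symlink inside the root that points at the outside file.
def demo
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, 'swagger')
    outside = File.join(tmp, 'config', 'settings.yml')
    FileUtils.mkdir_p([File.join(root, 'v1'), File.dirname(outside)])
    File.write(File.join(root, 'v1', 'swagger.json'), '{"openapi":"3.0.1"}')
    File.write(outside, "constructed: sample\n")
    File.symlink(outside, File.join(root, 'link.yml'))

    ['v1/swagger.json', '../config/settings.yml', 'link.yml'].to_h do |req|
      [req, { naive: !naive_lookup(root, req).nil?,
              contained: !resolve_spec_file(root, req).nil? }]
    end
  end
end

demo.each { |req, served| puts "#{req.ljust(24)} #{served}" } if __FILE__ == $PROGRAM_NAME
```

The extension allow-list alone does not help here, since the files at risk are themselves JSON and YAML; the comparison of the resolved path against the resolved root is what keeps the lookup inside the spec directory.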

Related news

CVE-2023-38337: Comparing 2.9.0...2.10.1 · rswag/rswag
