Description
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.
Packages
Name: rswag (rubygems)
Affected versions: < 2.10.1
Fixed version: 2.10.1
Related vulnerabilities
CVSS3: 7.5
nvd
more than 2 years ago