exploitDog

CVE-2025-29157

Опубликовано: 25 сент. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name (default) and server version

Ссылки

https://gist.github.com/HouqiyuA/3c36f78e8de9f6a3cfb0959477c07443
Exploit
Third Party Advisory
https://github.com/swagger-api/swagger-petstore
Product
https://petstore3.swagger.io/#/pet/updatePet
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:smartbear:swagger_petstore:1.0.7:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00197

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-5h97-9fpp-qf3p

CVSS3: 6.5

github

4 месяца назад

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name (default) and server version

EPSS

Процентиль: 42%

0.00197

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-77