High severity · NVD Advisory · Published Apr 18, 2022 · Updated Apr 23, 2025
Denial of service in http-swagger
CVE-2022-24863
Description
http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6, an attacker may perform a denial-of-service attack consisting of memory exhaustion on the host system. The memory exhaustion is caused by improper handling of HTTP methods: the documentation handler does not limit which methods it services. Users are advised to upgrade to 1.2.6. Users unable to upgrade may restrict the path prefix to the GET method as a workaround.
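The workaround the advisory describes, restricting the documentation path prefix to GET, as an added example in Go. This is not http-swagger's own code: `docsHandler` is a hypothetical stand-in for the library's handler, and the `/swagger/` prefix and the `restrictToGet` wrapper are assumptions for illustration. Any handler that answers every method can be wrapped the same way.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// docsHandler is a hypothetical stand-in for the http-swagger handler
// (not the library's code). Like the pre-1.2.6 handler the advisory
// describes, it does not check the request method at all.
func docsHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "swagger docs for %s", r.URL.Path)
}

// restrictToGet implements the advisory's workaround: only GET requests
// under prefix reach the wrapped handler. Other methods get 405 with an
// Allow header, and their bodies are never consumed by the docs handler.
func restrictToGet(prefix string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !strings.HasPrefix(r.URL.Path, prefix) {
			http.NotFound(w, r)
			return
		}
		if r.Method != http.MethodGet {
			w.Header().Set("Allow", http.MethodGet)
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newMux mounts the guarded docs handler under the assumed /swagger/ prefix.
func newMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.Handle("/swagger/", restrictToGet("/swagger/", http.HandlerFunc(docsHandler)))
	return mux
}

// probe sends one constructed request through the mux and returns the
// HTTP status code, so the guard can be checked without a live server.
func probe(mux http.Handler, method, path string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(method, path, strings.NewReader("payload"))
	mux.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	mux := newMux()
	for _, m := range []string{http.MethodGet, http.MethodPost, http.MethodPut, http.MethodDelete} {
		fmt.Printf("%-6s /swagger/index.html -> %d\n", m, probe(mux, m, "/swagger/index.html"))
	}
}
```

On Go 1.22 or later the same effect can be had with a method-qualified mux pattern such as `mux.Handle("GET /swagger/", ...)`; the explicit wrapper above works on any Go version and with any router that accepts an `http.Handler`. Whichever form is used, the guard belongs in front of the documentation handler, not behind it, so that the rejected request never reaches the vulnerable code path.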
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| github.com/swaggo/http-swagger | Go | < 1.2.6 | 1.2.6 |
Affected products
- github.com/swaggo/http-swagger, range: < 1.2.6
References
- github.com/advisories/GHSA-xg75-q3q5-cqmv (GitHub Advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-24863 (NVD)
- cosmosofcyberspace.github.io/improper_http_method_leads_to_xss/poc.html (proof of concept)
- github.com/swaggo/http-swagger/commit/b7d83e8fba85a7a51aa7e45e8244b4173f15049e (fix commit)
- github.com/swaggo/http-swagger/pull/62 (fix pull request)
- github.com/swaggo/http-swagger/releases/tag/v1.2.6 (patched release)
- github.com/swaggo/http-swagger/security/advisories/GHSA-xg75-q3q5-cqmv (project advisory)