Go modules package
github.com/swaggo/http-swagger
pkg:golang/github.com/swaggo/http-swagger
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-25712 | — | < 1.2.6 | 1.2.6 | Feb 11, 2024 | http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solutio | ||
| CVE-2022-24863 | — | < 1.2.6 | 1.2.6 | Apr 18, 2022 | http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory e |
- CVE-2024-25712Feb 11, 2024affected < 1.2.6fixed 1.2.6
http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solutio
- CVE-2022-24863Apr 18, 2022affected < 1.2.6fixed 1.2.6
http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory e