Swagger API
Products
3- 3 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000207 | Hig | 0.57 | 8.8 | 0.00 | Nov 27, 2017 | A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and… | ||
| CVE-2016-1000226 | cri | 0.52 | — | 0.01 | Sep 1, 2020 | Affected versions of `swagger-ui` are vulnerable to cross-site scripting in both the `consumes` and `produces` parameters of the swagger JSON document for a given API. Additionally, `swagger-ui` allows users to load arbitrary swagger JSON documents via the query string… | ||
| CVE-2016-1000233 | hig | 0.39 | — | 0.01 | Sep 1, 2020 | Affected versions of `swagger-ui` are vulnerable to cross-site scripting. This vulnerability exists because `swagger-ui` automatically executes external Javascript that is loaded in via the `url` query string parameter when a `Content-Type: application/javascript` header is… | ||
| CVE-2021-21363 | 0.00 | — | 0.00 | Mar 11, 2021 | swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the… | |||
| CVE-2021-21364 | 0.00 | — | 0.00 | Mar 11, 2021 | swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the… |
- risk 0.57cvss 8.8epss 0.00
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and…
- risk 0.52cvss —epss 0.01
Affected versions of `swagger-ui` are vulnerable to cross-site scripting in both the `consumes` and `produces` parameters of the swagger JSON document for a given API. Additionally, `swagger-ui` allows users to load arbitrary swagger JSON documents via the query string…
- risk 0.39cvss —epss 0.01
Affected versions of `swagger-ui` are vulnerable to cross-site scripting. This vulnerability exists because `swagger-ui` automatically executes external Javascript that is loaded in via the `url` query string parameter when a `Content-Type: application/javascript` header is…
- CVE-2021-21363Mar 11, 2021risk 0.00cvss —epss 0.00
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the…
- CVE-2021-21364Mar 11, 2021risk 0.00cvss —epss 0.00
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the…