Security Advisory

CVE-2023-38337

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-07-14 00:00:00

Last updated 2024-10-31 16:04:57

Assigner mitre

State PUBLISHED

Description

rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.

← Browse all CVEs View on cve.org ↗