CVE-2023-38337 (rswag): rswag vulnerable to arbitrary JSON and YAML file read via directory traversal

rswag vulnerable to arbitrary JSON and YAML file read via directory traversal

Published: July 15, 2023

SECURITY IDENTIFIERS

CVE: CVE-2023-38337 (NVD)
GHSA: GHSA-vc79-65pr-q82v
Vendor Advisory: https://github.com/rswag/rswag/issues/653

GEM

rswag

SEVERITY

CVSS v3.x: 7.5 (High)

PATCHED VERSIONS

>= 2.10.1

DESCRIPTION

rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.

https://nvd.nist.gov/vuln/detail/CVE-2023-38337
https://github.com/rswag/rswag/issues/653
https://github.com/rswag/rswag/compare/2.9.0...2.10.1
https://github.com/advisories/GHSA-vc79-65pr-q82v

RubySec