rswag prior to 2.10.1 allows remote malicious users to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rswag project rswag |