Vulnerability Disclosure
R7-2016-06: Remote Code Execution via Swagger Parameter Injection (CVE-2016-5641)
This disclosure addresses a class of vulnerabilities in the Swagger Code
Generator [https://github.com/swagger-api/swagger-codegen] in which injectable
parameters in a Swagger JSON or YAML file facilitate remote code execution. This
vulnerability applies to NodeJS [https://nodejs.org/en/], PHP, Ruby
[https://www.ruby-lang.org/en/], and Java [https://java.com/en/download/], and
probably to other languages as well. Other code generation tools
[https://apimatic.io/] may also be vulnerable to paramete