CVE-2023-38337
CVE-2023-38337
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →