CVE-2017-1000208

Source
https://cve.org/CVERecord?id=CVE-2017-1000208
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000208.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1000208
Aliases
Published
2017-11-17T02:29:01.050Z
Modified
2026-07-08T05:49:51.252699355Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:swagger:swagger-codegen:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "swagger:swagger-codegen",
            "extracted_events": [
                {
                    "last_affected": "2.2.2"
                }
            ]
        },
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:swagger:swagger-parser:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "swagger:swagger-parser",
            "extracted_events": [
                {
                    "last_affected": "1.0.30"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/swagger-api/swagger-parser

Affected ranges

Type
GIT
Repo
https://github.com/swagger-api/swagger-parser
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

v1.*
v1.0.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19
v1.0.2
v1.0.20
v1.0.21
v1.0.22
v1.0.23
v1.0.24
v1.0.25
v1.0.26
v1.0.27
v1.0.29
v1.0.3
v1.0.5
v1.0.6
v1.0.8
v1.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000208.json"