Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of service in http-swagger
Vulnerability Description
http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory exhaustion is down to improper handling of http methods. Users are advised to upgrade. Users unable to upgrade may to restrict the path prefix to the "GET" method as a workaround.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
http-swagger 安全漏洞
Vulnerability Description
http-swagger是一个 net/http 包装器。 http-swagge存在安全漏洞,该漏洞源于在 1.2.6 之前的 http-swagger 版本中,攻击者可能会执行拒绝服务攻击,包括在主机系统上耗尽内存。内存耗尽的原因归结为对 http 方法的不当处理。建议用户升级。无法升级的用户可以将路径前缀限制为“GET”方法作为解决方法。
CVSS Information
N/A
Vulnerability Type
N/A