High-risk vulnerability found: applications developed in Java, PHP, NodeJS and Ruby may be affected
IT News reports that a vulnerability was recently found that is widespread in applications developed in popular languages such as Java, PHP, NodeJS and Ruby. The vulnerability lies in OpenAPI (Swagger Code Generator) and is a parameter injection vulnerability; any application that integrates OpenAPI is affected.
An attacker can use the vulnerability to plant malicious code in a Swagger JSON file and achieve remote execution. Notably, details of the flaw and a patch were disclosed as early as April 2016, but the Swagger maintainers do not seem to have taken it seriously enough, because they never responded.
For safety, the developers and technical staff concerned should step up deployment of the fix so that the potential threat from this vulnerability is eliminated as early as possible.