28 Nov 2017
13 Jul 2017
How to fix?
Upgrade io.swagger:swagger-parser to version 1.0.31 or higher.
io.swagger:swagger-parser is a simple yet powerful representation of your RESTful API.
Affected versions of this package are vulnerable to Arbitrary Code Execution via the YAML parsing functionality. When a maliciously crafted YAML OpenAPI specification is parsed, it is possible to execute arbitrary code on the hosting server.
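One way to check a build for the affected range, as an added example that is not part of the original advisory: the script scans the text output of `mvn dependency:list` or `mvn dependency:tree` for io.swagger:swagger-parser, including transitive entries, and compares versions numerically against the fixed version 1.0.31. The function names, the sample output and the conservative handling of qualified builds are assumptions made for this example.

```python
import re

AFFECTED = "io.swagger:swagger-parser"  # coordinates named in the advisory
FIXED = (1, 0, 31)                      # first fixed version per the advisory

# group:artifact:type[:classifier]:version:scope, as printed by Maven
COORD = re.compile(r"[\w.\-]+(?::[\w.\-]+){4,5}")

# Constructed sample of dependency:tree output (not from a real project).
SAMPLE = r"""[INFO] +- com.example:spec-loader:jar:0.3.0:compile
[INFO] |  \- io.swagger:swagger-parser:jar:1.0.25:compile
[INFO] +- io.swagger:swagger-parser:jar:1.0.9:test
[INFO] +- io.swagger:swagger-parser:jar:1.0.31:compile
[INFO] \- io.swagger:swagger-parser:jar:1.0.31-SNAPSHOT:compile"""


def parse_version(version):
    """'1.0.31-SNAPSHOT' -> ((1, 0, 31), 'SNAPSHOT'); None if not numeric."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[-.](.+))?", version)
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    return nums + (0,) * (3 - len(nums)), m.group(2)


def is_vulnerable(version):
    parsed = parse_version(version)
    if parsed is None:
        return True  # unparseable version: flag for manual review
    nums, qualifier = parsed
    # Compare numerically, so 1.0.9 sorts below 1.0.31. Assumption: a qualified
    # build of the fixed number (e.g. 1.0.31-SNAPSHOT) is conservatively flagged.
    return nums < FIXED or (nums == FIXED and qualifier is not None)


def find_vulnerable(dependency_output):
    """Return (line number, version) for each affected swagger-parser entry."""
    hits = []
    for lineno, line in enumerate(dependency_output.splitlines(), 1):
        m = COORD.search(line)
        parts = m.group(0).split(":") if m else []
        if ":".join(parts[:2]) == AFFECTED and is_vulnerable(parts[-2]):
            hits.append((lineno, parts[-2]))
    return hits


if __name__ == "__main__":
    for lineno, version in find_vulnerable(SAMPLE):
        print(f"line {lineno}: {AFFECTED} {version} needs 1.0.31 or higher")
```

Entries reached only through another dependency, such as the one on line 2 of the sample, need the upgrade as much as direct ones.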