Vulnerabilities > CVE-2022-24863 - Improper Handling of Exceptional Conditions vulnerability in Http-Swagger Project Http-Swagger

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

http-swagger-project

CWE-755

NVD

Published: 2022-04-18

Updated: 2022-04-27

Summary

http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory exhaustion is down to improper handling of http methods. Users are advised to upgrade. Users unable to upgrade may to restrict the path prefix to the "GET" method as a workaround.

Vulnerable Configurations

Part	Description	Count
Application	Http-Swagger_Project Http Swagger Project Http Swagger - Http Swagger Project Http Swagger 1.0.0 Http Swagger Project Http Swagger 1.1.1 Http Swagger Project Http Swagger 1.1.2 Http Swagger Project Http Swagger 1.2.0 Http Swagger Project Http Swagger 1.2.1 Http Swagger Project Http Swagger 1.2.5	7

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References