CVE-2023-38337

rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.

Date published : 2023-07-14

https://github.com/rswag/rswag/compare/2.9.0…2.10.1

https://github.com/rswag/rswag/issues/653