CVE-2023-38337: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
(updated )
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.
References
Detect and mitigate CVE-2023-38337 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →