CNNVD-202509-3925 Information
CNNVD ID
CNNVD-202509-3925
Related CVE
-
CNNVD Published: 2025-09-25
Description (Chinese)
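Swagger Petstore Sample is an open-source pet store sample system from Swagger. Swagger Petstore Sample version 1.0.7 contains a security vulnerability. The vulnerability arises because the server returns a 404 error page that exposes sensitive information when a non-existent endpoint or shopping cart is accessed, which may lead to remote code execution.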
Description (English)
Swagger Petstore Sample is an open-source example of a pet store system from Swagger. Version 1.0.7 of Swagger Petstore Sample has a security vulnerability, which arises from the fact that the server returns a 404 error page and exposes sensitive information when non-existent endpoints or shopping carts are accessed, which may result in remote code execution.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Swagger
Published
2025-09-25
Last Modified
2026-02-24
References
https://gist.github.com/HouqiyuA/3c36f78e8de9f6a3cfb0959477c07443
https://github.com/swagger-api/swagger-petstore
https://petstore3.swagger.io/#/pet/updatePet
https://access.redhat.com/security/cve/cve-2025-29157
Patch
https://github.com/swagger-api/swagger-petstore/releases