CNNVD-202509-3926 Information
CNNVD ID
CNNVD-202509-3926
Related CVE
-
CNNVD Published: 2025-09-25
Description
Swagger Petstore Sample is a sample pet store application open-sourced by Swagger. Swagger Petstore Sample version 1.0.7 contains a security vulnerability: the /api/v3/pet endpoint does not validate specially crafted scripts, which can lead to cross-site scripting (XSS) attacks.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Swagger
Published
2025-09-25
Last Modified
2026-02-24
References
https://gist.github.com/HouqiyuA/9d2c3f0ba075d01631aff879546e419c
https://github.com/swagger-api/swagger-petstore/blob/master/src/main/resources/openapi.yaml
https://www.google.com/url?q=
https://access.redhat.com/security/cve/cve-2025-29156
Patch
https://github.com/swagger-api/swagger-petstore/releases