R7-2016-06: Remote Code Execution via Swagger Parameter Injection (CVE-2016-5641) Last updated at Thu, 28 Dec 2023 20:51:59 GMT This disclosure will address a class of vulnerabilities in a Swagger Code Generator in which injectable parameters in a Swagger JSON or YAML file facilitate remote code execution. This vulnerability applies to NodeJS, PHP, Ruby, and Java and probably other languages as we
![R7-2016-06: Remote Code Execution via Swagger Parameter Injection (CVE-2016-5641) | Rapid7 Blog](https://cdn-ak-scissors.b.st-hatena.com/image/square/e81f28b65639a6008648f1da59aa6219da4fcaf6/height=288;version=1;width=512/https%3A%2F%2Fwww.rapid7.com%2Fglobalassets%2Frapid7-og.jpg)