swagger

vulnerability arbitrary code execution
severity 8.8
language python
registry other

:book: Description

Swagger is a tool that provides the Pure FlashArray and FlashBlade API documentation in the popular interactive Swagger UI. This lets you browse the API documentation in a convenient format and even execute API calls interactively directly against a FlashArray or FlashBlade. This package is vulnerable to arbitrary code execution.

https://github.com/Tehforsch/financeTracker

:recycle: Steps To Reproduce:

  1. git clone https://github.com/PureStorage-OpenConnect/swagger
  2. run as in poc.png

:telescope: POC

💥 Impact

Arbitrary code execution