8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-1000207

GHSA ID

GHSA-vgvf-9jh3-fg75

EPSS Score

0.61323%

CWE

CWE-502

Published

10/19/2018

Updated

1/9/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-1000207

CVE-2017-1000207: Deserialization of Untrusted Data in swagger-codegen

A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.

(GitHub Advisory)

8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-1000207

GHSA ID

GHSA-vgvf-9jh3-fg75

EPSS Score

0.61323%

CWE

CWE-502

Published

10/19/2018

Updated

1/9/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
io.swagger:swagger-parser	maven	< 1.0.31	1.0.31
io.swagger:swagger-codegen	maven	< 2.2.2	2.2.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unsafe YAML deserialization using SnakeYAML's default Constructor in swagger-parser. The LGTM blog analysis explicitly identifies this pattern as the root cause (CVE-2017-1000207), and the fix in swagger-parser PR #481 involved modifying YAML parsing to use a restricted constructor. While swagger-codegen's 'generate'/'validate' commands trigger the vulnerability, the actual vulnerable implementation resides in the YAML parsing logic of swagger-parser. The YamlParser.parse method is the direct entry point for this unsafe deserialization.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility in Sw****r-P*rs*r's v*rsion <= *.*.** *n* Sw****r *o****n v*rsion <= *.*.* y*ml p*rsin* *un*tion*lity r*sults in *r*itr*ry *o** **in* *x**ut** w**n * m*li*iously *r**t** y*ml Op*n-*PI sp**i*i**tion is p*rs**. T*is in p*rti*ul*r, *****

Reasoning

T** vuln*r**ility st*ms *rom uns*** Y*ML **s*ri*liz*tion usin* `Sn*k*Y*ML`'s ****ult *onstru*tor in `sw****r-p*rs*r`. T** L*TM *lo* *n*lysis *xpli*itly i**nti*i*s t*is p*tt*rn *s t** root **us* (*V*-****-*******), *n* t** *ix in `sw****r-p*rs*r` PR #

8.8

Basic Information

Concerned about an active attack path?

CVE-2017-1000207: Deserialization of Untrusted Data in swagger-codegen

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI