swagger-codegen-cli is susceptible to arbitrary code execution attacks. It does not use a safe way of invoking SnakeYaml for both the validate and generate commands, allowing malicious YAML specification files from untrusted remote sources to be parsed by the application.
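As an added illustration of the unsafe-versus-safe SnakeYaml invocation this advisory refers to (example code, not the project's own), assuming the SnakeYaml 1.x API with its no-argument SafeConstructor and a constructed spec fragment:

```java
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.ConstructorException;
import org.yaml.snakeyaml.constructor.SafeConstructor;

public class SafeSpecLoading {
    // Constructed sample: a spec fragment carrying a global !!tag. The default
    // Yaml() would try to instantiate the named class; SafeConstructor refuses it.
    // java.util.Date is used only because it is harmless and shows the tag path.
    static final String TAGGED_SPEC =
        "swagger: '2.0'\n" +
        "info: !!java.util.Date {}\n";

    static final String PLAIN_SPEC =
        "swagger: '2.0'\n" +
        "info:\n" +
        "  title: demo\n";

    // Vulnerable pattern (shown for contrast, not called on untrusted input):
    // new Yaml() uses the default Constructor, which honours arbitrary !!tags.
    static Object loadUnsafe(String yaml) {
        return new Yaml().load(yaml);
    }

    // Hardened pattern: SafeConstructor only builds standard YAML node types
    // (maps, sequences, scalars), so tagged class instantiation is rejected.
    static Object loadSafe(String yaml) {
        return new Yaml(new SafeConstructor()).load(yaml);
    }

    public static void main(String[] args) {
        try {
            loadSafe(TAGGED_SPEC);
            System.out.println("unexpected: tagged document was accepted");
        } catch (ConstructorException e) {
            System.out.println("rejected as expected: " + e.getMessage());
        }
        // A spec without global tags parses normally with the safe loader.
        System.out.println("plain spec parsed: " + loadSafe(PLAIN_SPEC));
    }
}
```

The swap from `new Yaml()` to `new Yaml(new SafeConstructor())` is the whole fix; any spec that genuinely needs a non-standard tag should fail loudly here rather than be silently instantiated.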
github.com/swagger-api/swagger-codegen/blob/master/modules/swagger-codegen-cli/src/main/java/io/swagger/codegen/cmd/Generate.java#L22
github.com/swagger-api/swagger-codegen/blob/master/modules/swagger-codegen-cli/src/main/java/io/swagger/codegen/cmd/Validate.java#L13
github.com/swagger-api/swagger-codegen/commit/a17c3093f876290fb62908ddbf7b221fa0bf17bf
github.com/swagger-api/swagger-parser/pull/481
lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208