{"id":"CVE-2017-1000207","details":"A vulnerability in Swagger-Parser's version \u003c= 1.0.30 and Swagger codegen version \u003c= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. In particular, this affects the 'generate' and 'validate' commands in swagger-codegen (\u003c= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.","aliases":["GHSA-vgvf-9jh3-fg75"],"modified":"2026-03-14T09:23:38.119760Z","published":"2017-11-27T15:29:00.303Z","references":[{"type":"ADVISORY","url":"https://lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208"},{"type":"REPORT","url":"https://github.com/swagger-api/swagger-parser/pull/481"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000207.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.2.2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.30"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}