Home

Description

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name (default) and server version

PUBLISHED Reserved 2025-03-11 | Published 2025-09-25 | Updated 2025-09-26 | Assigner mitre

References

github.com/swagger-api/swagger-petstore

petstore3.swagger.io/

gist.github.com/HouqiyuA/3c36f78e8de9f6a3cfb0959477c07443

cve.org (CVE-2025-29157)

nvd.nist.gov (CVE-2025-29157)

Download JSON