CVE-2022-24863

Name of the Vulnerable Software and Affected Versions http-swagger versions prior to 1.2.6

Description The issue allows an attacker to perform a denial of service attack consisting of memory exhaustion on the host system due to improper handling of HTTP methods. This can also lead to other unexpected behaviors such as cross-site scripting (XSS) attacks by uploading malicious files. Users are advised to upgrade to prevent memory exhaustion and potential XSS attacks.

Recommendations For versions prior to 1.2.6, upgrade to version 1.2.6 to resolve the issue. As a temporary workaround for users unable to upgrade, restrict the path prefix to the "GET" method to minimize the risk of exploitation.