CVE-2025-29157

Name of the Vulnerable Software and Affected Versions petstore version 1.0.7

Description An issue allows a remote attacker to execute arbitrary code by accessing a non-existent endpoint /cart. The server responds with a 404-error page that reveals sensitive information, including the Servlet name (default) and server version.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.