The popular open source API framework Swagger lets developers describe, produce, and consume RESTful web services using a human-friendly authoring format. But a vulnerability that could result in code execution because of unexpected user input is a sobering reminder to developers to never, ever, trust user input.
Swagger defines a standard, language-agnostic interface to REST APIs by allowing people and computers to discover and understand what a web service can do without having to dig through the original source code, documentation, or network traffic packets.
