Operation does not have the 'consumes' field defined
The consumes field for a PATCH operation has not been defined, either in the operation itself or globally in the top-level consumes field. The consumes field defines how the exchanged object should be deserialized from HTTP messages.
For more details, see the OpenAPI Specification.
The following is an example of how this type of risk could look in your API definition:
```yaml
/pets:
  put:
    summary: Updates a pet in the store with form data
    operationId: updatePetWithForm
    produces:
      - application/json
      - application/xml
    parameters:
      # ...
```
Possible exploit scenario
If you do not define the expected input format for the parameters an operation can take, your API could potentially accept any form of data as input. This could open your API to any number of potential attacks, like buffer overflow, decoding errors, or SQL injection attacks.
Specify the MIME types of the accepted input data:
```yaml
/pets:
  put:
    summary: Updates a pet in the store with form data
    operationId: updatePetWithForm
    produces:
      - application/json
      - application/xml
    consumes:
      - application/x-www-form-urlencoded
    parameters:
      # ...
```
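The same check can be run against a definition before it is published. The following is an added example, not 42Crunch's audit code: it walks a Swagger/OpenAPI 2.0 definition that has already been parsed into a dict and reports operations with no effective consumes list. The set of methods checked, the function name, and the sample definitions (including the patchPet and listPets operations) are assumptions constructed for illustration.

```python
# Added example: lint a parsed Swagger/OpenAPI 2.0 definition for missing 'consumes'.
BODY_METHODS = {"post", "put", "patch"}  # assumption: operations that carry a payload


def missing_consumes(spec):
    """Return sorted (path, method) pairs that have no effective 'consumes' list."""
    global_consumes = spec.get("consumes")
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            # Skip path-level keys such as 'parameters' and body-less methods.
            if method not in BODY_METHODS or not isinstance(op, dict):
                continue
            # An operation-level list overrides the global one; an empty list clears it.
            effective = op["consumes"] if "consumes" in op else global_consumes
            if not effective:
                findings.append((path, method))
    return sorted(findings)


# Constructed sample: the definition from this page plus one compliant PATCH operation.
VULNERABLE = {
    "swagger": "2.0",
    "paths": {
        "/pets": {
            "put": {
                "operationId": "updatePetWithForm",
                "produces": ["application/json", "application/xml"],
            },
            "patch": {"operationId": "patchPet", "consumes": ["application/json"]},
            "get": {"operationId": "listPets"},
        }
    },
}

# Constructed sample: global 'consumes' is set, but one operation clears it with [].
GLOBAL_CLEARED = {
    "swagger": "2.0",
    "consumes": ["application/json"],
    "paths": {
        "/pets": {"put": {"operationId": "updatePetWithForm"}},
        "/pets/{id}": {"patch": {"operationId": "patchPet", "consumes": []}},
    },
}

if __name__ == "__main__":
    for name, spec in (("VULNERABLE", VULNERABLE), ("GLOBAL_CLEARED", GLOBAL_CLEARED)):
        print(name, missing_consumes(spec))
```

The second sample shows why the global field alone is not sufficient evidence: an empty operation-level list overrides it and leaves that operation without a declared input format.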
Copyright 42Crunch 2021