Link object has both 'operationId' and 'operationRef' defined

Description

You have defined both operationId and operationRef fields for the link object on question. However, these fields are mutually exclusive, so only one of them should be defined.

For more details, see the OpenAPI Specification.

Possible exploit scenario

Attackers strive to make your APIs behave in an unexpected way to learn more about your system or to cause a data breach. We highly recommend that you minimize any risks and clearly specify the data that your API operations can return for each possible response code.

Remediation

Make sure you only define either operationId or operationRef fields for link objects, not both.


Copyright 42Crunch 2021