Response has Content-Type that is not documented in the schema.
Handling unknown Content-Type values can introduce security risks. For instance, a malicious payload might be treated as a harmless data type, leading to vulnerabilities such as cross-site scripting (XSS) or other security threats.
Remediation
Properly document all content types that an endpoint can deliver in a response.
Example Attack Scenario
How to Identify with Example Scenario
How to Resolve with Example Scenario
How to Identify with Example Scenario
Find the text in bold to identify issues such as these in API specifications
How to Resolve with Example Scenario
Modify the text in bold to resolve issues such as these in API specifications
