Describe the bug
An instance of rswag configured like:
Will leak the contents of the configuration, including the credentials, in index.html of the swagger docs,
due to the code found at
rswag/rswag-ui/lib/rswag/ui/index.erb
Lines 82 to 83 in bc58e30
Steps to Test or Reproduce
Inspect the source of the page and search for the term configObject; it should be in a script tag towards the bottom of the page.
Expected behavior
Configurations and Configurations should not be exposed unless necessary; always practice the principle of least privilege and ensure your systems fail securely.
Screenshots
(see above)
Additional context
Add any other context about the problem here.
Dependency versions
The versions you are using for:
Rswag: (2.8.0)
RSpec:
Rails: 7.0.3.1
Ruby: ruby-3.1.1
Relates to which version of OAS (OpenAPI Specification)
OAS2
OAS3
OAS3.1
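A regression check for the exposure reported above, added here as an example and not part of the issue or of rswag's code: it pulls the JSON assigned to `configObject` out of rendered HTML and lists the keys that look like secrets. The sample page, its key names and the key-name pattern are constructed assumptions, and the embedded value is assumed to be plain JSON.

```ruby
require 'json'

# Assumed pattern for secret-looking key names; tune it to your own config.
SENSITIVE_KEY = /pass|secret|token|credential|api[_-]?key/i

# Constructed sample page; key names are illustrative, not rswag's real output.
SAMPLE_HTML = <<~HTML
  <script>
    var configObject = JSON.parse('{"urls":[{"url":"/api-docs/v1/swagger.yaml","name":"API V1"}],"auth":{"docs_user":"admin","docs_password":"constructed-not-real"}}');
  </script>
HTML

# Find the first JSON object after the configObject identifier by matching
# braces, ignoring braces that appear inside double-quoted JSON strings.
def extract_config_object(html)
  start = html.index('configObject') or return nil
  first = html.index('{', start) or return nil
  depth = 0
  in_string = escaped = false
  html[first..].each_char.with_index do |ch, i|
    if in_string
      # A backslash escapes the next character; an unescaped quote ends the string.
      escaped, in_string = (!escaped && ch == '\\'), (escaped || ch != '"')
    elsif ch == '"' then in_string = true
    elsif ch == '{' then depth += 1
    elsif ch == '}'
      depth -= 1
      return JSON.parse(html[first, i + 1]) if depth.zero?
    end
  end
  nil
end

# Walk the parsed config and return dotted paths of non-empty sensitive keys.
def sensitive_paths(node, path = [])
  case node
  when Hash
    node.flat_map do |key, value|
      here = path + [key]
      hit = key.match?(SENSITIVE_KEY) && ![nil, false, '', []].include?(value)
      hit ? [here.join('.')] : sensitive_paths(value, here)
    end
  when Array
    node.each_with_index.flat_map { |v, i| sensitive_paths(v, path + [i]) }
  else []
  end
end

def leaked_config_keys(html)
  config = extract_config_object(html)
  config ? sensitive_paths(config) : []
end
puts leaked_config_keys(SAMPLE_HTML) if $PROGRAM_NAME == __FILE__
```

In a request spec, feeding the rendered docs page to `leaked_config_keys` and expecting an empty array turns this report into a test that fails whenever a secret reaches the page.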