You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Path to vulnerable library: /webapp/static/oas3/swagger-ui.js
Dependency Hierarchy:
❌ swagger-ui-3.19.2.js (Vulnerable Library)
swagger-ui-bundle-3.19.2.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
CVE-2018-25031 - Medium Severity Vulnerability
swagger-ui-3.19.2.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/3.19.2/swagger-ui.js
Path to vulnerable library: /webapp/static/oas3/swagger-ui.js
Dependency Hierarchy:
swagger-ui-bundle-3.19.2.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/3.19.2/swagger-ui-bundle.js
Path to vulnerable library: /webapp/static/oas3/swagger-ui-bundle.js
Dependency Hierarchy:
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
Publish Date: 2022-03-11
URL: CVE-2018-25031
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-qrmm-w75w-3wpx
Release Date: 2022-03-11
Fix Resolution: swagger-ui - 4.1.3;swagger-ui-dist - 4.1.3
The text was updated successfully, but these errors were encountered: