You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
WS-2016-0034
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Swagger-UI versions before 2.2.1 are vulnerable to XSS when allowing HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript.
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
Mend Note: Converted from WS-2021-0461, on 2022-12-21.
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
mend-for-github-combot
changed the title
swagger-ui-2.1.2.min.js: 4 vulnerabilities (highest severity is: 7.3) - autoclosed
swagger-ui-2.1.2.min.js: 6 vulnerabilities (highest severity is: 7.3)
Apr 30, 2024
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Path to vulnerable library: /WebContent/swagger/swagger-ui.min.js
Found in HEAD commit: c7142581c9069b8cb9288ee3a8c017f04d3578b4
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
WS-2016-0034
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Path to vulnerable library: /WebContent/swagger/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: c7142581c9069b8cb9288ee3a8c017f04d3578b4
Found in base branch: AltoroJ-3.2
Vulnerability Details
Swagger-ui has vulnerability when "Produces" and "consumes" Content-types in schema are not escaped and allow XSS
Publish Date: 2016-01-13
URL: WS-2016-0034
CVSS 3 Score Details (7.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2016-01-13
Fix Resolution: v2.1.5
CVE-2016-1000233
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Path to vulnerable library: /WebContent/swagger/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: c7142581c9069b8cb9288ee3a8c017f04d3578b4
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui before 2.2.1 automatically executes external Javascript that is loaded in via the url query string parameter
Publish Date: 2019-07-11
URL: CVE-2016-1000233
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082
Release Date: 2019-07-11
Fix Resolution: 2.2.1
WS-2019-0234
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Path to vulnerable library: /WebContent/swagger/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: c7142581c9069b8cb9288ee3a8c017f04d3578b4
Found in base branch: AltoroJ-3.2
Vulnerability Details
Swagger-UI versions before 2.2.1 are vulnerable to XSS when allowing HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript.
Publish Date: 2015-01-28
URL: WS-2019-0234
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082
Release Date: 2015-01-28
Fix Resolution: 2.2.1
CVE-2016-1000229
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Path to vulnerable library: /WebContent/swagger/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: c7142581c9069b8cb9288ee3a8c017f04d3578b4
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui has XSS in key names
Publish Date: 2019-12-20
URL: CVE-2016-1000229
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/126
Release Date: 2019-12-20
Fix Resolution: 2.2.1
WS-2017-0143
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Path to vulnerable library: /WebContent/swagger/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: c7142581c9069b8cb9288ee3a8c017f04d3578b4
Found in base branch: AltoroJ-3.2
Vulnerability Details
Affected versions of the package are vulnerable to Cross-site Scripting (XSS) due to not escaping html script tags.
Publish Date: 2016-09-01
URL: WS-2017-0143
CVSS 3 Score Details (5.4)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2016-09-01
Fix Resolution: 2.2.3
CVE-2018-25031
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Path to vulnerable library: /WebContent/swagger/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: c7142581c9069b8cb9288ee3a8c017f04d3578b4
Found in base branch: AltoroJ-3.2
Vulnerability Details
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
Mend Note: Converted from WS-2021-0461, on 2022-12-21.
Publish Date: 2022-03-11
URL: CVE-2018-25031
CVSS 3 Score Details (4.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-qrmm-w75w-3wpx
Release Date: 2022-03-11
Fix Resolution: swagger-ui - 4.1.3;swagger-ui-dist - 4.1.3
The text was updated successfully, but these errors were encountered: