Description
Xray scanning shows some vulnerability in the Swagger version in the existing flask restplus version 0.13.0.
It needs to be updated to 3.23.11 or higher?
Is anyone else also facing this issue and is there support of updating this to the latest version of swagger documentation.
16:56:10 Security Violations against xray policy:
16:56:10 {
16:56:10 "id": "",
16:56:10 "severity": "High",
16:56:10 "summary": "A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.",
16:56:10 "issue_type": "security",
16:56:10 "provider": "JFrog",
16:56:10 "component": "swagger-ui",
16:56:10 "source_id": "npm://swagger-ui",
16:56:10 "source_comp_id": "npm://swagger-ui:3.19.0",
16:56:10 "component_versions": {
16:56:10 "id": "swagger-ui",
16:56:10 "vulnerable_versions": [
16:56:10 "3.14.1 \u2264 Version < 3.23.11"
16:56:10 ],
16:56:10 "fixed_versions": [
16:56:10 "3.23.11"
16:56:10 ],