Swagger Ui

swagger-ui

Vendor: Smartbear • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-22207 1Smartbear 1Swagger Ui Nov 21, 2024 Jan 15, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via...Show more fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.Show less
CVE-2018-25031 1Smartbear 1Swagger Ui Nov 21, 2024 Mar 11, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. No...Show more Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.Show less
CVE-2016-1000229 2Redhat Smartbear 3Jboss Fuse OpenshiftSwagger Ui Nov 21, 2024 Dec 20, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 swagger-ui has XSS in key names
CVE-2019-17495 2Oracle Smartbear 6Banking Apis Banking Digital ExperienceBanking Platform+3 more Nov 21, 2024 Oct 10, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltr...Show more A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.Show less
CVE-2016-5682 1Smartbear 1Swagger Ui May 13, 2026 Apr 10, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.