Cross-Site Scripting in swagger-ui (GHSA-vp93-gcx5-4w52)

Severity:: Medium

Description

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize JSON schemas, allowing attackers to execute arbitrary JavaScript using <script> tags in the method descriptions.

Recommendation

Update the swagger-ui package to the latest compatible version. Followings are version details:

Affected version(s): < 2.2.1
Patched version(s): 2.2.1

References

GHSA-vp93-gcx5-4w52
www.npmjs.com
CWE-79
OWASP 2021-A3

Related Issues

Cross-Site Scripting in swagger-ui (GHSA-p239-93f7-h6xf) - CVE-2016-5682
Cross-Site Scripting in swagger-ui (GHSA-w992-2gmj-9xxj) - Vulnerability
Cross-Site Scripting in swagger-ui (GHSA-22q9-hqm5-mhmc) - Vulnerability
Cross-Site Scripting in swagger-ui (GHSA-g336-c7wv-8hp3) - Vulnerability

Tags:: npm; swagger-ui

Anything's wrong? Let us know Last updated on January 09, 2023

Cross-Site Scripting in swagger-ui (GHSA-vp93-gcx5-4w52)

Description

Recommendation

References

Related Issues

This issue is available in SmartScanner Professional