Cross-Site Scripting in swagger-ui (GHSA-w992-2gmj-9xxj)

Severity:: Medium

Description

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting (XSS). The package allows HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript.

Recommendation

Update the swagger-ui package to the latest compatible version. Followings are version details:

Affected version(s): < 2.2.1
Patched version(s): 2.2.1

References

GHSA-w992-2gmj-9xxj
www.npmjs.com
CWE-79
OWASP 2021-A3

Related Issues

Cross-Site Scripting in swagger-ui (GHSA-p239-93f7-h6xf) - CVE-2016-5682
Cross-Site Scripting in swagger-ui (GHSA-vp93-gcx5-4w52) - Vulnerability
Cross-Site Scripting in swagger-ui (GHSA-22q9-hqm5-mhmc) - Vulnerability
Cross-Site Scripting in swagger-ui (GHSA-g336-c7wv-8hp3) - Vulnerability

Tags:: npm; swagger-ui

Anything's wrong? Let us know Last updated on January 09, 2023

Cross-Site Scripting in swagger-ui (GHSA-w992-2gmj-9xxj)

Description

Recommendation

References

Related Issues

This issue is available in SmartScanner Professional