Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-388g-jwpg-x6j4

Severity:: Medium

Description

Versions of swagger-ui prior to 3.0.13 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize YAML files imported from URLs or copied-pasted. This may allow attackers to execute arbitrary JavaScript.

Recommendation

Update the swagger-ui package to the latest compatible version. Followings are version details:

Affected version(s): < 3.0.13
Patched version(s): 3.0.13

References

GHSA-388g-jwpg-x6j4
snyk.io
www.npmjs.com
CWE-79
OWASP 2021-A3

Related Issues

Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-4f9m-pxwh-68hg - Vulnerability
Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-22q9-hqm5-mhmc - Vulnerability
Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-w992-2gmj-9xxj - Vulnerability
Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-vp93-gcx5-4w52 - Vulnerability

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; swagger-ui

Anything's wrong? Let us know Last updated on January 09, 2023