Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-4f9m-pxwh-68hg

Severity:: Medium

Description

Versions of swagger-ui prior to 3.20.9 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize URLs used in the OAuth auth flow, which may allow attackers to execute arbitrary JavaScript.

Recommendation

Update the swagger-ui package to the latest compatible version. Followings are version details:

Affected version(s): < 3.20.9
Patched version(s): 3.20.9

References

GHSA-4f9m-pxwh-68hg
snyk.io
CWE-79
OWASP 2021-A3

Related Issues

Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-388g-jwpg-x6j4 - Vulnerability
Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-g336-c7wv-8hp3 - Vulnerability
Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-w992-2gmj-9xxj - Vulnerability
Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-vp93-gcx5-4w52 - Vulnerability

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; swagger-ui

Anything's wrong? Let us know Last updated on October 02, 2023