Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-g336-c7wv-8hp3

Description

Affected versions of swagger-ui are vulnerable to cross-site scripting via the url query string parameter.

Recommendation

Update the swagger-ui package to the latest compatible version. Followings are version details:

• Affected version(s): < 2.2.1
• Patched version(s): 2.2.1

References

• GHSA-g336-c7wv-8hp3
• www.npmjs.com
• CWE-79
• OWASP 2021-A3

Related Issues

• Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-4f9m-pxwh-68hg - Vulnerability
• Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-388g-jwpg-x6j4 - Vulnerability
• Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-vp93-gcx5-4w52 - Vulnerability
• Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-w992-2gmj-9xxj - Vulnerability

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

swagger-ui