Description
In its default configuration, with baseDir not set, @fastify/swagger-ui exposes all files in the module’s directory through the HTTP routes the module serves.
Recommendation
Update the @fastify/swagger-ui package to the latest compatible version. Version details:
- Affected version(s): >= 2.0.0, < 2.1.0
- Patched version(s): 2.1.0
References
Related Issues
- Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability - CVE-2024-47818
- Redoc Prototype Pollution via `Module.mergeObjects` Component - CVE-2024-57083
- files.photo.gallery command injection - CVE-2024-53615
- angular vulnerable to super-linear runtime due to backtracking - CVE-2024-21490
Tags
- npm
- @fastify/swagger-ui
Last updated on February 16, 2024