Description
The default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via HTTP routes served by the module.
Recommendation
Update the @fastify/swagger-ui package to the latest compatible version. Version details:
- Affected version(s): >= 2.0.0, < 2.1.0
- Patched version(s): 2.1.0
References
Related Issues
- Server secret was included in static assets and served to clients - Vulnerability
- @sveltejs/kit has unescaped error message included on error page - CVE-2024-53262
- CommonRegexJS Regular Expression Denial of Service vulnerability - CVE-2020-26305
- Undici vulnerable to data leak when using response.arrayBuffer() - CVE-2024-38372
Tags: npm, @fastify/swagger-ui
Last updated on February 16, 2024