Reverse Tabnapping in swagger-ui

Severity:: Medium

Description

Versions of swagger-ui prior to 3.18.0 are vulnerable to Reverse Tabnapping. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page. This is commonly used for phishing attacks.

Recommendation

Update the swagger-ui package to the latest compatible version. Followings are version details:

Affected version(s): < 3.18.0
Patched version(s): 3.18.0

References

GHSA-x9p2-fxq6-2m5f
snyk.io
www.npmjs.com
CWE-1022

Related Issues

Cross-Site Scripting in swagger-ui (GHSA-g336-c7wv-8hp3) - Vulnerability
Cross-Site Scripting in swagger-ui (GHSA-vp93-gcx5-4w52) - Vulnerability
Cross-Site Scripting in swagger-ui (GHSA-4f9m-pxwh-68hg) - Vulnerability
Cross-Site Scripting in swagger-ui (GHSA-w992-2gmj-9xxj) - Vulnerability

Tags:: npm; swagger-ui

Anything's wrong? Let us know Last updated on January 09, 2023