Reverse Tabnapping in swagger-ui

Severity:: Medium

Description

Versions of swagger-ui prior to 3.18.0 are vulnerable to Reverse Tabnapping. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page. This is commonly used for phishing attacks.

Recommendation

Update the swagger-ui package to the latest compatible version. Followings are version details:

Affected version(s): < 3.18.0
Patched version(s): 3.18.0

References

GHSA-x9p2-fxq6-2m5f
snyk.io
www.npmjs.com
CWE-1022

Related Issues

Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-g336-c7wv-8hp3 - Vulnerability
Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-vp93-gcx5-4w52 - Vulnerability
Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-w992-2gmj-9xxj - Vulnerability
Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-22q9-hqm5-mhmc - Vulnerability

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; swagger-ui

Anything's wrong? Let us know Last updated on January 09, 2023