Description
SwaggerUI supports displaying remote OpenAPI definitions through the ?url parameter. This enables robust demonstration capabilities on sites like petstore.swagger.io, editor.swagger.io, and similar sites, where users often want to see what their OpenAPI definitions would look like rendered.
Recommendation
Update the swagger-ui-dist package to the latest compatible version. Followings are version details:
- Affected version(s): < 4.1.3
- Patched version(s): 4.1.3
References
Related Issues
- Server side request forgery in SwaggerUI (GHSA-qrmm-w75w-3wpx) - Vulnerability
- Server side request forgery in SwaggerUI - Vulnerability
- lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability - CVE-2024-32964
- Server-Side Request Forgery in html-pdf-chrome - Vulnerability
- Tags:
- npm
- swagger-ui-dist
Anything's wrong? Let us know Last updated on June 02, 2023