Description
SwaggerUI supports displaying remote OpenAPI definitions through the ?url parameter. This enables robust demonstration capabilities on sites like petstore.swagger.io, editor.swagger.io, and similar sites, where users often want to see what their OpenAPI definitions would look like rendered.
Recommendation
Update the swagger-ui-dist package to the latest compatible version. Followings are version details:
- Affected version(s): < 4.1.3
- Patched version(s): 4.1.3
References
Related Issues
- Server side request forgery in SwaggerUI - swagger-ui-react - Vulnerability
- Server side request forgery in SwaggerUI - Vulnerability
- lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability - CVE-2024-32964
- google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability - CVE-2023-48711
You might also like:
- Tags:
- npm
- swagger-ui-dist
Anything's wrong? Let us know Last updated on June 02, 2023