Description
SwaggerUI supports displaying remote OpenAPI definitions through the ?url parameter. This enables robust demonstration capabilities on sites like petstore.swagger.io, editor.swagger.io, and similar sites, where users often want to see what their OpenAPI definitions would look like rendered.
Recommendation
Update the swagger-ui-react package to the latest compatible version. Followings are version details:
- Affected version(s): < 4.1.3
- Patched version(s): 4.1.3
References
Related Issues
- Server side request forgery in SwaggerUI - swagger-ui-dist - Vulnerability
- Server side request forgery in SwaggerUI - Vulnerability
- lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability - CVE-2024-32964
- Nuxt OG Image vulnerable to Server-Side Request Forgery via user-controlled parameters - Vulnerability
You might also like:
- Tags:
- npm
- swagger-ui-react
Anything's wrong? Let us know Last updated on June 02, 2023


