Vulnerability CVE-2018-25031


Published: 2022-03-11

Description:
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.

See advisories in our WLB2 database:
Topic: [High] Swagger UI 4.1.3 Critical Information Misrepresentation
Author: Rafael Cintra Lo...
Date: 21.04.2023

References:
https://github.com/swagger-api/swagger-ui/issues/4872
https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3
https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885

Copyright 2023, cxsecurity.com
