Description
Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 3.0.13 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize YAML files that are imported from URLs or copied and pasted. This may allow attackers to execute arbitrary JavaScript.
Recommendation
Upgrade to version 3.0.13 or later.
Packages
Name: swagger-ui (npm)
Affected versions: < 3.0.13
Fixed version: 3.0.13
CVSS3: 6.5 Medium
Weaknesses: CWE-79