Description
Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize JSON schemas, allowing attackers to execute arbitrary JavaScript using <script> tags in the method descriptions.
Recommendation
Upgrade to version 2.2.1 or later.
Packages
Name: swagger-ui (npm)
Affected versions: < 2.2.1
Fixed version: 2.2.1
Weaknesses
CWE-79