Описание
Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting (XSS). The package allows HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript.
Recommendation
Upgrade to version 2.2.1 or later.
Пакеты
Наименование
swagger-ui
npm
Затронутые версииВерсия исправления
< 2.2.1
2.2.1
Дефекты
CWE-79
Дефекты
CWE-79