Количество 2
Количество 2
CVE-2024-22207
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.
GHSA-62jr-84gf-wmg4
Default swagger-ui configuration exposes all files in the module
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-22207 fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability. | CVSS3: 5.3 | 16% Средний | около 2 лет назад |
| GHSA-62jr-84gf-wmg4 Default swagger-ui configuration exposes all files in the module | CVSS3: 5.3 | 16% Средний | около 2 лет назад |
Уязвимостей на страницу