CVE-2024-22207 – Default swagger-ui configuration exposes all files in the module
https://notcve.org/view.php?id=CVE-2024-22207
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set leads to all files in the module's directory being exposed via HTTP routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option also works around this vulnerability.
• https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7
• https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4
• https://security.netapp.com/advisory/ntap-20240216-0002
• CWE-1188: Initialization of a Resource with an Insecure Default
CVE-2018-25031
https://notcve.org/view.php?id=CVE-2018-25031
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: this was originally claimed to be resolved in 4.1.3. However, third parties have indicated that it is not resolved in 4.1.3 and still occurs in that version and possibly others.
• https://github.com/afine-com/CVE-2018-25031
• https://github.com/mathis2001/CVE-2018-25031
• https://github.com/rafaelcintralopes/SwaggerUI-CVE-2018-25031
• https://github.com/hev0x/CVE-2018-25031-PoC
• https://github.com/wrkk112/CVE-2018-25031
• https://github.com/h2oa/CVE-2018-25031
• https://github.com/geozin/POC-CVE-2018-25031
• https://github.com/LUCASRENAA/CVE-2018-25031
• https://github.com/kriso4os/CVE-2018-25031
• https://github.com/natpakun/SSRF-CVE-2018-25031-
• https:/
• CWE-20: Improper Input Validation
• CWE-918: Server-Side Request Forgery (SSRF)
• CWE-922: Insecure Storage of Sensitive Information
CVE-2019-17495
https://notcve.org/view.php?id=CVE-2019-17495
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that `<style>@import` within the JSON data was a functional attack method.
• https://github.com/ossf-cve-benchmark/CVE-2019-17495
• https://github.com/SecT0uch/CVE-2019-17495-test
• https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11
• https://github.com/tarantula-team/CSS-injection-in-Swagger-UI
• https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91%40%3Ccommits.airflow.apache.org%3E
• https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf%40%3Ccommits.airflow.apache.org%3E
• https://lists.apache.org/thread.html/r84b3
• CWE-352: Cross-Site Request Forgery (CSRF)