CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22207 – Default swagger-ui configuration exposes all files in the module
https://notcve.org/view.php?id=CVE-2024-22207
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability. fastify-swagger-ui es un complemento de Fastify para servir la interfaz de usuario de Swagger. Antes de 2.1.0, la configuración predeterminada de `@fastify/swagger-ui` sin `baseDir` configurado hará que todos los archivos en el directorio del módulo queden expuestos a través de rutas http servidas por el módulo. • https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7 https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4 https://security.netapp.com/advisory/ntap-20240216-0002 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-46708
https://notcve.org/view.php?id=CVE-2021-46708
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. El paquete swagger-ui-dist versiones anteriores a 4.1.3 para Node.js, podría permitir a un atacante remoto secuestrar la acción de hacer clic de la víctima. Al persuadir a una víctima para que visite un sitio web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de clic de la víctima y posiblemente lanzar más ataques contra ella • https://security.netapp.com/advisory/ntap-20220407-0004 https://security.snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884 https://www.npmjs.com/package/swagger-ui-dist/v/4.1.3 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 11CVE-2018-25031
https://notcve.org/view.php?id=CVE-2018-25031
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others. Swagger UI versiones anteriores a 4.1.3, podría permitir a un atacante remoto realizar ataques de suplantación de identidad. • https://github.com/afine-com/CVE-2018-25031 https://github.com/mathis2001/CVE-2018-25031 https://github.com/rafaelcintralopes/SwaggerUI-CVE-2018-25031 https://github.com/hev0x/CVE-2018-25031-PoC https://github.com/wrkk112/CVE-2018-25031 https://github.com/h2oa/CVE-2018-25031 https://github.com/geozin/POC-CVE-2018-25031 https://github.com/LUCASRENAA/CVE-2018-25031 https://github.com/kriso4os/CVE-2018-25031 https://github.com/natpakun/SSRF-CVE-2018-25031- https:/&# • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.8EPSS: 1%CPEs: 17EXPL: 3CVE-2019-17495
https://notcve.org/view.php?id=CVE-2019-17495
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method. Una vulnerabilidad de inyección de Cascading Style Sheets (CSS) en Swagger UI versiones anteriores a la versión 3.23.11, permite a atacantes utilizar la técnica de sobrescritura de ruta relativa (RPO) para realizar una exfiltración del valor de campo de entrada basada en CSS, como la exfiltración de un valor de token CSRF. En otras palabras, este producto permite intencionalmente insertar datos JSON no confiables desde servidores remotos, pero no se sabía previamente que (style)@import dentro de los datos JSON era un método de ataque funcional. • https://github.com/ossf-cve-benchmark/CVE-2019-17495 https://github.com/SecT0uch/CVE-2019-17495-test https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11 https://github.com/tarantula-team/CSS-injection-in-Swagger-UI https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91%40%3Ccommits.airflow.apache.org%3E https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf%40%3Ccommits.airflow.apache.org%3E https://lists.apache.org/thread.html/r84b3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5682
https://notcve.org/view.php?id=CVE-2016-5682
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. Swagger-UI en versiones anteriores a 2.2.1 tiene XSS a través del campo predeterminado en la sección de definiciones. • https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •