Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwOTMtZ2N4NS00dzUy
Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize JSON schemas, allowing attackers to execute arbitrary JavaScript using <script> tags in the method descriptions.
Recommendation
Upgrade to version 2.2.1 or later.
Permalink: https://github.com/advisories/GHSA-vp93-gcx5-4w52JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwOTMtZ2N4NS00dzUy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: 11 months ago
Identifiers: GHSA-vp93-gcx5-4w52
References:
- https://github.com/swagger-api/swagger-ui/issues/1864
- https://www.npmjs.com/advisories/986
- https://github.com/advisories/GHSA-vp93-gcx5-4w52
Affected Packages
npm:swagger-ui
Versions: < 2.2.1Fixed in: 2.2.1