An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5OTItMmdtai05eHhq

Severity: Moderate

Cross-Site Scripting in swagger-ui

Affected Packages | Affected Versions | Fixed Versions
npm:swagger-ui (PURL: pkg:npm/swagger-ui) | < 2.2.1 | 2.2.1

Package stats: 173 dependent packages, 8,484 dependent repositories, 566,440 downloads last month

Affected Version Ranges

All affected versions

0.1.11, 0.1.12, 0.1.13, 0.1.14, 1.1.15, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.8, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19, 2.0.20, 2.0.21, 2.0.22, 2.0.24, 2.1.0, 2.1.0-M1, 2.1.0-M2, 2.1.0-alpha.1, 2.1.0-alpha.2, 2.1.0-alpha.3, 2.1.0-alpha.4, 2.1.0-alpha.5, 2.1.0-alpha.6, 2.1.0-alpha.7, 2.1.0-alpha.8, 2.1.1, 2.1.1-M1, 2.1.1-M2, 2.1.2, 2.1.2-M1, 2.1.2-M2, 2.1.3, 2.1.3-M1, 2.1.3-M2, 2.1.4, 2.1.4-M1, 2.1.4-M2, 2.1.5, 2.1.5-M1, 2.1.5-M2, 2.1.6-M1, 2.1.7-M1, 2.1.8-M1, 2.2.0

All unaffected versions

2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.8, 2.2.9, 2.2.10, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.20, 3.0.21, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.8.0, 3.8.1, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.10.0, 3.11.0, 3.12.0, 3.12.1, 3.13.0, 3.13.1, 3.13.2, 3.13.3, 3.13.4, 3.13.5, 3.13.6, 3.14.0, 3.14.1, 3.14.2, 3.15.0, 3.16.0, 3.17.0, 3.17.1, 3.17.2, 3.17.3, 3.17.5, 3.17.6, 3.18.0, 3.18.1, 3.18.2, 3.18.3, 3.19.0, 3.19.1, 3.19.2, 3.19.3, 3.19.4, 3.19.5, 3.20.0, 3.20.1, 3.20.2, 3.20.3, 3.20.4, 3.20.5, 3.20.6, 3.20.7, 3.20.8, 3.20.9, 3.20.10, 3.21.0, 3.22.0, 3.22.1, 3.22.2, 3.22.3, 3.23.0, 3.23.1, 3.23.2, 3.23.3, 3.23.4, 3.23.5, 3.23.6, 3.23.7, 3.23.8, 3.23.9, 3.23.10, 3.23.11, 3.24.0, 3.24.1, 3.24.2, 3.24.3, 3.25.0, 3.25.1, 3.25.2, 3.25.3, 3.25.4, 3.25.5, 3.26.0, 3.26.1, 3.26.2, 3.27.0, 3.28.0, 3.29.0, 3.30.0, 3.30.1, 3.30.2, 3.31.0, 3.31.1, 3.32.0, 3.32.1, 3.32.2, 3.32.3, 3.32.4, 3.32.5, 3.33.0, 3.34.0, 3.35.0, 3.35.1, 3.35.2, 3.36.0, 3.36.1, 3.36.2, 3.37.0, 3.37.1, 3.37.2, 3.38.0, 3.39.0, 3.40.0, 3.41.0, 3.41.1, 3.42.0, 3.43.0, 3.44.0, 3.44.1, 3.45.0, 3.45.1, 3.46.0, 3.47.0, 3.47.1, 3.48.0, 3.49.0, 3.50.0, 3.51.0, 3.51.1, 3.51.2, 3.52.0, 3.52.1, 3.52.2, 3.52.3, 3.52.4, 3.52.5, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.2.0, 4.2.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.6.2, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.9.1, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.11.0, 4.11.1, 4.12.0, 4.13.0, 4.13.1, 4.13.2, 4.14.0, 4.14.1, 4.14.2, 4.14.3, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.15.4, 4.15.5, 4.16.0, 4.16.1, 4.17.0, 4.17.1, 4.18.0, 4.18.1, 4.18.2, 4.18.3, 4.19.0, 4.19.1, 5.0.0, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, 5.4.2, 5.5.0, 5.6.0, 5.6.1, 5.6.2, 5.7.0, 5.7.1, 5.7.2, 5.8.0, 5.9.0, 5.9.1, 5.9.2, 5.9.3, 5.9.4, 5.10.0, 5.10.1, 5.10.2, 5.10.3, 5.10.4, 5.10.5, 5.11.0, 5.11.1, 5.11.2, 5.11.3, 5.11.4, 5.11.5, 5.11.6, 5.11.7, 5.11.8, 5.11.9, 5.11.10, 5.12.0, 5.12.1, 5.12.2, 5.12.3, 5.13.0, 5.14.0, 5.15.0, 5.15.1, 5.15.2, 5.16.0, 5.16.1, 5.16.2, 5.17.0, 5.17.1, 5.17.2, 5.17.3, 5.17.4, 5.17.5, 5.17.6, 5.17.7, 5.17.8, 5.17.9, 5.17.10, 5.17.11, 5.17.12, 5.17.13, 5.17.14, 5.18.0, 5.18.1, 5.18.2, 5.18.3, 5.19.0, 5.20.0, 5.20.1, 5.20.2, 5.20.3, 5.20.4, 5.20.5, 5.20.6, 5.20.7, 5.20.8, 5.21.0, 5.22.0, 5.23.0, 5.24.0, 5.24.1, 5.24.2, 5.25.0, 5.25.1, 5.25.2, 5.25.3, 5.25.4, 5.26.0, 5.26.1, 5.26.2, 5.27.0, 5.27.1, 5.28.0, 5.28.1, 5.29.0, 5.29.1, 5.29.2, 5.29.3, 5.29.4, 5.29.5, 5.30.0

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting (XSS). The package renders HTML contained in the swagger.apiInfo.description value without sanitizing it, so an attacker who controls that field of a loaded API definition may be able to execute arbitrary JavaScript in the browser of anyone viewing the documentation.

Recommendation

Upgrade to version 2.2.1 or later.
