User Interface (UI) Misrepresentation of Critical Information SNYK-JS-SWAGGERUI-2314885 #646

Closed
github-actions bot opened this issue Dec 13, 2021 · 1 comment
@github-actions

Overview

swagger-ui is a library that allows interaction and visualisation of APIs.

Affected versions of this package are vulnerable to User Interface (UI) Misrepresentation of Critical Information via the ?url parameter, which was intended to allow displaying remote OpenAPI definitions. This functionality may pose a risk for users who host their own SwaggerUI instances. In particular, including remote OpenAPI definitions opens a vector for phishing attacks by abusing the trusted names/domains of self-hosted instances.

Remediation

Upgrade swagger-ui to version 4.1.3 or higher.

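The ?url vector described above, and the check an operator who keeps remote-definition loading enabled would want, as an added example written for this page (JavaScript; not code from swagger-ui or from this repository): the host page resolves the query parameter against an origin allowlist before handing it to the UI, and falls back to the bundled definition otherwise. The hostnames docs.trusted.example, specs.trusted.example and attacker.example, the default path /openapi.json, the sample query strings and the helper names are assumptions made up for illustration; the SwaggerUIBundle({ url, dom_id }) call in the closing comment is swagger-ui's own initialisation entry point.

```javascript
// Added example (not swagger-ui's own code): decide which OpenAPI definition a
// self-hosted Swagger UI page should load when a visitor arrives with ?url=.
//
// The phishing vector: https://docs.trusted.example/?url=https://attacker.example/spec.json
// renders attacker-controlled content (server URLs, descriptions, "Authorize"
// prompts) under the trusted hostname. Mitigation: never pass an unvalidated
// ?url through; accept definitions only from an explicit allowlist of origins.

const DEFAULT_SPEC = "/openapi.json"; // assumed default served next to the UI

/**
 * Returns the URL Swagger UI should be given, plus the reason for the decision.
 * @param {string} search          window.location.search, e.g. "?url=https://x/y.json"
 * @param {string} pageOrigin      window.location.origin of the self-hosted instance
 * @param {string[]} allowedOrigins extra origins (scheme+host+port) trusted to serve specs
 */
function resolveSpecUrl(search, pageOrigin, allowedOrigins) {
  const params = new URLSearchParams(search);
  const candidate = params.get("url");
  if (candidate === null || candidate === "") {
    return { url: DEFAULT_SPEC, reason: "no ?url supplied" };
  }
  let parsed;
  try {
    // Relative values such as "/v2/openapi.json" resolve against the page's own origin.
    parsed = new URL(candidate, pageOrigin);
  } catch (e) {
    return { url: DEFAULT_SPEC, reason: "unparseable ?url" };
  }
  // Only http(s) definitions make sense; refuse data:, javascript:, file: and friends.
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") {
    return { url: DEFAULT_SPEC, reason: `refused scheme ${parsed.protocol}` };
  }
  // Compare full origins, not hostname prefixes: "docs.trusted.example.attacker.example"
  // starts with the trusted name but is a different origin.
  const trusted = new Set([pageOrigin, ...allowedOrigins]);
  if (!trusted.has(parsed.origin)) {
    return { url: DEFAULT_SPEC, reason: `origin ${parsed.origin} not allowlisted` };
  }
  // Strip embedded credentials and fragment, hand back a normalised absolute URL.
  parsed.username = "";
  parsed.password = "";
  parsed.hash = "";
  return { url: parsed.href, reason: "allowlisted origin" };
}

// Constructed sample requests against an assumed instance at https://docs.trusted.example
const PAGE_ORIGIN = "https://docs.trusted.example";
const ALLOWED = ["https://specs.trusted.example"];

const SAMPLES = [
  "",                                                           // nothing supplied
  "?url=/v2/openapi.json",                                      // same-origin relative path
  "?url=https://specs.trusted.example/petstore.yaml",           // allowlisted origin
  "?url=https://attacker.example/spec.json",                    // the phishing payload
  "?url=https://docs.trusted.example.attacker.example/x.json",  // hostname-prefix trick
  "?url=data:application/json,%7B%7D",                          // inline spec smuggling
];

// Runs every sample through the check; returns [query, decision] pairs.
function demo() {
  return SAMPLES.map((s) => [s, resolveSpecUrl(s, PAGE_ORIGIN, ALLOWED)]);
}

if (typeof require !== "undefined" && require.main === module) {
  for (const [s, r] of demo()) {
    console.log(JSON.stringify(s).padEnd(62), r.url, "|", r.reason);
  }
}

// Integration in the host page, before the UI is built:
//   const { url } = resolveSpecUrl(location.search, location.origin, ALLOWED);
//   SwaggerUIBundle({ url, dom_id: "#swagger-ui" });
```

Comparing parsed.origin rather than testing whether the string starts with the trusted hostname is the point of the check: a prefix test accepts docs.trusted.example.attacker.example. Upgrading to 4.1.3 or later remains the primary fix; this check is for instances that deliberately keep remote-definition loading and need to bound where definitions may come from.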
@Bdegraaf1234 (Collaborator)

not relevant anymore
