Vulnerability	Vulnerable Version
M Server-side Request Forgery (SSRF) org.webjars:swagger-ui is a WebJar for Swagger UI npm library. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `?url` parameter, which was intended to allow displaying remote OpenAPI definitions. This functionality may pose a risk for users who host their own SwaggerUI instances. In particular, including remote OpenAPI definitions opens a vector for phishing attacks by abusing the trusted names/domains of self-hosted instances. NOTE: This vulnerability has also been identified as: CVE-2018-25031 How to fix Server-side Request Forgery (SSRF)? Upgrade `org.webjars:swagger-ui` to version 4.1.3 or higher.	[0,4.1.3)
M Server-side Request Forgery (SSRF) org.webjars:swagger-ui is a WebJar for Swagger UI npm library. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `?url` parameter, which was intended to allow displaying remote OpenAPI definitions. This functionality may pose a risk for users who host their own SwaggerUI instances. In particular, including remote OpenAPI definitions opens a vector for phishing attacks by abusing the trusted names/domains of self-hosted instances. NOTE: This vulnerability has also been identified as: CVE-2021-46708 How to fix Server-side Request Forgery (SSRF)? Upgrade `org.webjars:swagger-ui` to version 4.1.3 or higher.	[0,4.1.3)

Server-side Request Forgery (SSRF)

org.webjars:swagger-ui is a WebJar for Swagger UI npm library.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the ?url parameter, which was intended to allow displaying remote OpenAPI definitions. This functionality may pose a risk for users who host their own SwaggerUI instances. In particular, including remote OpenAPI definitions opens a vector for phishing attacks by abusing the trusted names/domains of self-hosted instances.

NOTE: This vulnerability has also been identified as: CVE-2018-25031

How to fix Server-side Request Forgery (SSRF)?

Upgrade org.webjars:swagger-ui to version 4.1.3 or higher.

[0,4.1.3)

Server-side Request Forgery (SSRF)

org.webjars:swagger-ui is a WebJar for Swagger UI npm library.

NOTE: This vulnerability has also been identified as: CVE-2021-46708

How to fix Server-side Request Forgery (SSRF)?

Upgrade org.webjars:swagger-ui to version 4.1.3 or higher.

[0,4.1.3)

Go back to all versions of this package