org.webjars.npm%3Aswagger-ui@3.19.1 vulnerabilities
-
latest version
5.11.3
-
latest non vulnerable version
-
first published
9 years ago
-
latest version published
3 months ago
-
licenses detected
- [2.1.3,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.webjars.npm%3Aswagger-ui package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.webjars.npm:swagger-ui is a WebJar npm bundle for swagger-ui. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the NOTE: This vulnerability has also been identified as: CVE-2021-46708 How to fix Server-side Request Forgery (SSRF)? Upgrade |
[0,4.1.3)
|
org.webjars.npm:swagger-ui is a WebJar npm bundle for swagger-ui. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the NOTE: This vulnerability has also been identified as: CVE-2018-25031 How to fix Server-side Request Forgery (SSRF)? Upgrade |
[0,4.1.3)
|
org.webjars.npm:swagger-ui is a WebJar npm bundle for swagger-ui. Affected versions of this package are vulnerable to Insecure Defaults. Markdown rendering allows How to fix Insecure Defaults? Upgrade |
[,3.26.1)
|
org.webjars.npm:swagger-ui is a WebJar npm bundle for swagger-ui. Affected versions of this package are vulnerable to Relative Path Overwrite (RPO). Attackers are able to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value i.e. allows the embedding of untrusted JSON data from remote servers, using How to fix Relative Path Overwrite (RPO)? Upgrade |
[,3.23.11)
|
org.webjars.npm:swagger-ui is a WebJar npm bundle for swagger-ui. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to a lack of sanitization of URLs used for OAuth auth flow. How to fix Cross-site Scripting (XSS)? Upgrade |
[,3.22.0)
|