Vulnerability	Vulnerable Version
M Server-side Request Forgery (SSRF) swagger-ui-dist is a module that exposes Swagger-UI's entire dist folder as a dependency-free npm module. Use swagger-ui instead, if you'd like to have npm install dependencies for you. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `?url` parameter, which was intended to allow displaying remote OpenAPI definitions. This functionality may pose a risk for users who host their own SwaggerUI instances. In particular, including remote OpenAPI definitions opens a vector for phishing attacks by abusing the trusted names/domains of self-hosted instances. NOTE: This vulnerability has also been identified as: CVE-2021-46708 How to fix Server-side Request Forgery (SSRF)? Upgrade `swagger-ui-dist` to version 4.1.3 or higher.	<4.1.3
M Server-side Request Forgery (SSRF) swagger-ui-dist is a module that exposes Swagger-UI's entire dist folder as a dependency-free npm module. Use swagger-ui instead, if you'd like to have npm install dependencies for you. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `?url` parameter, which was intended to allow displaying remote OpenAPI definitions. This functionality may pose a risk for users who host their own SwaggerUI instances. In particular, including remote OpenAPI definitions opens a vector for phishing attacks by abusing the trusted names/domains of self-hosted instances. NOTE: This vulnerability has also been identified as: CVE-2018-25031 How to fix Server-side Request Forgery (SSRF)? Upgrade `swagger-ui-dist` to version 4.1.3 or higher.	<4.1.3

Server-side Request Forgery (SSRF)

swagger-ui-dist is a module that exposes Swagger-UI's entire dist folder as a dependency-free npm module. Use swagger-ui instead, if you'd like to have npm install dependencies for you.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the ?url parameter, which was intended to allow displaying remote OpenAPI definitions. This functionality may pose a risk for users who host their own SwaggerUI instances. In particular, including remote OpenAPI definitions opens a vector for phishing attacks by abusing the trusted names/domains of self-hosted instances.

NOTE: This vulnerability has also been identified as: CVE-2021-46708

How to fix Server-side Request Forgery (SSRF)?

Upgrade swagger-ui-dist to version 4.1.3 or higher.

<4.1.3

Server-side Request Forgery (SSRF)

swagger-ui-dist is a module that exposes Swagger-UI's entire dist folder as a dependency-free npm module. Use swagger-ui instead, if you'd like to have npm install dependencies for you.

NOTE: This vulnerability has also been identified as: CVE-2018-25031

How to fix Server-side Request Forgery (SSRF)?

Upgrade swagger-ui-dist to version 4.1.3 or higher.

<4.1.3

Go back to all versions of this package