Vulnerability	Vulnerable Version
M Server-side Request Forgery (SSRF) swagger-ui is a library that allows interaction and visualisation of APIs. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `?url` parameter, which was intended to allow displaying remote OpenAPI definitions. This functionality may pose a risk for users who host their own SwaggerUI instances. In particular, including remote OpenAPI definitions opens a vector for phishing attacks by abusing the trusted names/domains of self-hosted instances. NOTE: This vulnerability has also been identified as: CVE-2021-46708 How to fix Server-side Request Forgery (SSRF)? Upgrade `swagger-ui` to version 4.1.3 or higher.	<4.1.3
M Server-side Request Forgery (SSRF) swagger-ui is a library that allows interaction and visualisation of APIs. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `?url` parameter, which was intended to allow displaying remote OpenAPI definitions. This functionality may pose a risk for users who host their own SwaggerUI instances. In particular, including remote OpenAPI definitions opens a vector for phishing attacks by abusing the trusted names/domains of self-hosted instances. NOTE: This vulnerability has also been identified as: CVE-2018-25031 How to fix Server-side Request Forgery (SSRF)? Upgrade `swagger-ui` to version 4.1.3 or higher.	<4.1.3
M Insecure Defaults swagger-ui is a library that allows interaction and visualisation of APIs. Affected versions of this package are vulnerable to Insecure Defaults. Markdown rendering allows `class`, `style` and `data` attributes in the result by default. How to fix Insecure Defaults? Upgrade `swagger-ui` to version 3.26.1 or higher.	<3.26.1

Go back to all versions of this package