Improper Input Validation Affecting swagger-client package, versions <3.27.5
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-SWAGGERCLIENT-6836803
- published 13 May 2024
- disclosed 8 May 2024
- credit glowcloud
How to fix?
Upgrade swagger-client
to version 3.27.5 or higher.
Overview
swagger-client is a SwaggerJS - a collection of interfaces for OAI specs
Affected versions of this package are vulnerable to Improper Input Validation due to improper escape of regex expression in the oas3BaseUrl
function on index.js
.
References
CVSS Scores
version 3.1