Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
References
| Link | Resource |
|---|---|
| https://github.com/swagger-api/swagger-ui/issues/4872 | Issue Tracking, Patch, Third Party Advisory |
| https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3 | Release Notes, Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20220407-0004/ | Third Party Advisory |
| https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885 | Patch, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-11T06:47:46
Updated: 2022-04-07T23:15:07
Reserved: 2022-03-11T00:00:00
Link: CVE-2018-25031
NVD Information
Status: Analyzed
Published: 2022-03-11T07:15:07.190
Modified: 2022-06-03T16:22:26.133
Link: CVE-2018-25031
Red Hat Information
No data.
CWE