Swagger Ui Smartbear Swagger Ui


By the Year

In 2024 there has been 1 vulnerability in Smartbear Swagger Ui, with an average score of 5.3 out of ten. Swagger Ui did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2024 than in all of last year.

Year   Vulnerabilities   Average Score
2024   1                 5.30
2023   0                 0.00
2022   2                 5.20
2021   0                 0.00
2020   0                 0.00
2019   1                 9.80
2018   0                 0.00

It may take a day or so for new Swagger Ui vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Smartbear Swagger Ui Security Vulnerabilities

fastify-swagger-ui is a Fastify plugin for serving Swagger UI

CVE-2024-22207 5.3 - Medium - January 15, 2024

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.

Insecure Default Initialization of Resource

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim

CVE-2021-46708 6.1 - Medium - March 11, 2022

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Clickjacking

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks

CVE-2018-25031 4.3 - Medium - March 11, 2022

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.

Improper Input Validation

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11

CVE-2019-17495 9.8 - Critical - October 10, 2019

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.

Session Riding
