Smartbear Swagger Ui


By the Year

In 2022 there have been 2 vulnerabilities in Smartbear Swagger Ui with an average score of 5.2 out of ten. Swagger Ui did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2022 as compared to last year.

Year Vulnerabilities Average Score
2022 2 5.20
2021 0 0.00
2020 0 0.00
2019 1 9.80
2018 0 0.00

It may take a day or so for new Swagger Ui vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Smartbear Swagger Ui Security Vulnerabilities

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim

CVE-2021-46708 6.1 - Medium - March 11, 2022

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Clickjacking

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks

CVE-2018-25031 4.3 - Medium - March 11, 2022

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.

Improper Input Validation

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11

CVE-2019-17495 9.8 - Critical - October 10, 2019

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.

Session Riding
