You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
swagger-ui before 3.20.9 fails to sanitize URLs used in the OAuth auth flow, which may allow attackers to execute arbitrary JavaScript. that leads to Cross-Site Scripting
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
mend-bolt-for-githubbot
changed the title
WS-2019-0172 (Medium) detected in swagger-ui-2.2.10.tgz
WS-2019-0172 (Medium) detected in swagger-ui-2.2.10.tgz - autoclosed
Mar 15, 2021
WS-2019-0172 - Medium Severity Vulnerability
Vulnerable Library - swagger-ui-2.2.10.tgz
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://registry.npmjs.org/swagger-ui/-/swagger-ui-2.2.10.tgz
Path to dependency file: store/package.json
Path to vulnerable library: store/node_modules/swagger-ui/package.json
Dependency Hierarchy:
Found in HEAD commit: 84990bf9d6b7cdf76851573df077d70766b08e91
Found in base branch: master
Vulnerability Details
swagger-ui before 3.20.9 fails to sanitize URLs used in the OAuth auth flow, which may allow attackers to execute arbitrary JavaScript. that leads to Cross-Site Scripting
Publish Date: 2019-02-23
URL: WS-2019-0172
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/976
Release Date: 2019-07-15
Fix Resolution: 3.20.9
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: