Search
Find a vulnerability
Search criteria
6 vulnerabilities found for swagger_ui by smartbear
CVE-2024-22207 (GCVE-0-2024-22207)
Vulnerability from nvd – Published: 2024-01-15 15:40 – Updated: 2025-06-17 14:34
VLAI
Title
Default swagger-ui configuration exposes all files in the module
Summary
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/fastify/fastify-swagger-ui/sec… | x_refsource_CONFIRM |
| https://github.com/fastify/fastify-swagger-ui/com… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2024021… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| fastify | fastify-swagger-ui |
Affected:
< 2.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4"
},
{
"name": "https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240216-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T14:34:31.540245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:34:45.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fastify-swagger-ui",
"vendor": "fastify",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module\u0027s directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-16T13:05:51.826Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4"
},
{
"name": "https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0002/"
}
],
"source": {
"advisory": "GHSA-62jr-84gf-wmg4",
"discovery": "UNKNOWN"
},
"title": "Default swagger-ui configuration exposes all files in the module"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22207",
"datePublished": "2024-01-15T15:40:35.252Z",
"dateReserved": "2024-01-08T04:59:27.373Z",
"dateUpdated": "2025-06-17T14:34:45.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25031 (GCVE-0-2018-25031)
Vulnerability from nvd – Published: 2022-03-11 06:47 – Updated: 2024-08-05 12:26
VLAI
Summary
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| smartbear | swagger_ui |
Affected:
0 , ≤ 4.1.2
(custom)
cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "swagger_ui",
"vendor": "smartbear",
"versions": [
{
"lessThanOrEqual": "4.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-25031",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T13:12:25.157134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T15:46:54.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/swagger-api/swagger-ui/issues/4872"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220407-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T21:30:10.229Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885"
},
{
"url": "https://github.com/swagger-api/swagger-ui/issues/4872"
},
{
"url": "https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220407-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-25031",
"datePublished": "2022-03-11T06:47:46.000Z",
"dateReserved": "2022-03-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:26:39.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17495 (GCVE-0-2019-17495)
Vulnerability from nvd – Published: 2019-10-10 21:04 – Updated: 2024-08-05 01:40
VLAI
Summary
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://github.com/tarantula-team/CSS-injection-i… | x_refsource_MISC |
| https://github.com/swagger-api/swagger-ui/release… | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC |
| https://lists.apache.org/thread.html/r3acb7e494cf… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r103579b01da… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/ref70b940c4f… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r853ffeb915a… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r84b327f7a8b… | mailing-listx_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:15.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] boring-cyborg[bot] commented on issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] beltran-rubo opened a new issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] uranusjr commented on issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo commented on issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo closed issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96%40%3Ccommits.airflow.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that \u003cstyle\u003e@import within the JSON data was a functional attack method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T17:59:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] boring-cyborg[bot] commented on issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] beltran-rubo opened a new issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] uranusjr commented on issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo commented on issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo closed issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96%40%3Ccommits.airflow.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that \u003cstyle\u003e@import within the JSON data was a functional attack method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI",
"refsource": "MISC",
"url": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI"
},
{
"name": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11",
"refsource": "MISC",
"url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] boring-cyborg[bot] commented on issue #18383: CVE-2019-17495 for swagger-ui",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] beltran-rubo opened a new issue #18383: CVE-2019-17495 for swagger-ui",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] uranusjr commented on issue #18383: CVE-2019-17495 for swagger-ui",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo commented on issue #18383: CVE-2019-17495 for swagger-ui",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo closed issue #18383: CVE-2019-17495 for swagger-ui",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17495",
"datePublished": "2019-10-10T21:04:49.000Z",
"dateReserved": "2019-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:40:15.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22207 (GCVE-0-2024-22207)
Vulnerability from cvelistv5 – Published: 2024-01-15 15:40 – Updated: 2025-06-17 14:34
VLAI
Title
Default swagger-ui configuration exposes all files in the module
Summary
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/fastify/fastify-swagger-ui/sec… | x_refsource_CONFIRM |
| https://github.com/fastify/fastify-swagger-ui/com… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2024021… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| fastify | fastify-swagger-ui |
Affected:
< 2.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4"
},
{
"name": "https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240216-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T14:34:31.540245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:34:45.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fastify-swagger-ui",
"vendor": "fastify",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module\u0027s directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-16T13:05:51.826Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4"
},
{
"name": "https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0002/"
}
],
"source": {
"advisory": "GHSA-62jr-84gf-wmg4",
"discovery": "UNKNOWN"
},
"title": "Default swagger-ui configuration exposes all files in the module"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22207",
"datePublished": "2024-01-15T15:40:35.252Z",
"dateReserved": "2024-01-08T04:59:27.373Z",
"dateUpdated": "2025-06-17T14:34:45.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25031 (GCVE-0-2018-25031)
Vulnerability from cvelistv5 – Published: 2022-03-11 06:47 – Updated: 2024-08-05 12:26
VLAI
Summary
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| smartbear | swagger_ui |
Affected:
0 , ≤ 4.1.2
(custom)
cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "swagger_ui",
"vendor": "smartbear",
"versions": [
{
"lessThanOrEqual": "4.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-25031",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T13:12:25.157134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T15:46:54.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/swagger-api/swagger-ui/issues/4872"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220407-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T21:30:10.229Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885"
},
{
"url": "https://github.com/swagger-api/swagger-ui/issues/4872"
},
{
"url": "https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220407-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-25031",
"datePublished": "2022-03-11T06:47:46.000Z",
"dateReserved": "2022-03-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:26:39.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17495 (GCVE-0-2019-17495)
Vulnerability from cvelistv5 – Published: 2019-10-10 21:04 – Updated: 2024-08-05 01:40
VLAI
Summary
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://github.com/tarantula-team/CSS-injection-i… | x_refsource_MISC |
| https://github.com/swagger-api/swagger-ui/release… | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC |
| https://lists.apache.org/thread.html/r3acb7e494cf… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r103579b01da… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/ref70b940c4f… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r853ffeb915a… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r84b327f7a8b… | mailing-listx_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:15.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] boring-cyborg[bot] commented on issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] beltran-rubo opened a new issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] uranusjr commented on issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo commented on issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo closed issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96%40%3Ccommits.airflow.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that \u003cstyle\u003e@import within the JSON data was a functional attack method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T17:59:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] boring-cyborg[bot] commented on issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] beltran-rubo opened a new issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] uranusjr commented on issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo commented on issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo closed issue #18383: CVE-2019-17495 for swagger-ui",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96%40%3Ccommits.airflow.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that \u003cstyle\u003e@import within the JSON data was a functional attack method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI",
"refsource": "MISC",
"url": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI"
},
{
"name": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11",
"refsource": "MISC",
"url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] boring-cyborg[bot] commented on issue #18383: CVE-2019-17495 for swagger-ui",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] beltran-rubo opened a new issue #18383: CVE-2019-17495 for swagger-ui",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210920 [GitHub] [airflow] uranusjr commented on issue #18383: CVE-2019-17495 for swagger-ui",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo commented on issue #18383: CVE-2019-17495 for swagger-ui",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo closed issue #18383: CVE-2019-17495 for swagger-ui",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17495",
"datePublished": "2019-10-10T21:04:49.000Z",
"dateReserved": "2019-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:40:15.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}