GHSA-cr3q-pqgq-m8c2

Source
https://github.com/advisories/GHSA-cr3q-pqgq-m8c2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-cr3q-pqgq-m8c2/GHSA-cr3q-pqgq-m8c2.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-cr3q-pqgq-m8c2
Aliases
Published
2022-03-12T00:00:36Z
Modified
2025-09-02T22:36:55.510340Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Spoofing attack in swagger-ui
Details

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.

Database specific
{
    "nvd_published_at": "2022-03-11T07:15:00Z",
    "cwe_ids": [
        "CWE-20",
        "CWE-918",
        "CWE-922"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-14T23:31:48Z",
    "severity": "MODERATE"
}
References

Affected packages

npm / swagger-ui

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.1.3

Maven / org.webjars:swagger-ui

Package

Name
org.webjars:swagger-ui
Purl
pkg:maven/org.webjars/swagger-ui

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.1.3

Affected versions

2.*

2.0.12
2.0.14
2.0.14-1
2.0.17
2.0.18
2.0.21
2.0.22
2.0.24
2.1.0-alpha.6
2.1.0-M1
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.8-M1
2.2.0
2.2.2
2.2.5
2.2.6
2.2.8
2.2.10
2.2.10-1

3.*

3.0.2
3.0.3
3.0.4
3.0.5
3.0.7
3.0.8
3.0.10
3.0.14
3.0.17
3.0.18
3.0.19
3.0.20
3.0.21
3.1.2
3.1.4
3.1.5
3.1.6
3.1.7
3.2.0
3.2.2
3.4.4
3.5.0
3.6.1
3.7.0
3.8.0
3.9.0
3.9.1
3.9.2
3.9.3
3.10.0
3.11.0
3.12.0
3.12.1
3.13.0
3.13.1
3.13.2
3.13.3
3.13.4
3.13.6
3.14.0
3.14.2
3.17.0
3.17.1
3.17.2
3.17.3
3.17.4
3.17.6
3.18.1
3.18.2
3.19.0
3.19.4
3.19.5
3.20.0
3.20.1
3.20.2
3.20.3
3.20.5
3.20.8
3.20.9
3.22.0
3.22.1
3.22.2
3.23.0
3.23.2
3.23.4
3.23.5
3.23.8
3.23.11
3.24.0
3.24.2
3.24.3
3.25.0
3.25.1
3.25.2
3.25.3
3.25.4
3.25.5
3.26.0
3.26.1
3.27.0
3.28.0
3.30.0
3.31.1
3.32.1
3.32.3
3.32.5
3.34.0
3.35.0
3.35.1
3.35.2
3.36.0
3.36.1
3.36.2
3.37.0
3.37.2
3.38.0
3.40.0
3.41.1
3.42.0
3.43.0
3.44.0
3.45.0
3.46.0
3.47.1
3.48.0
3.49.0
3.50.0
3.51.0
3.51.1
3.51.2
3.52.1
3.52.3
3.52.5

4.*

4.0.0
4.0.1
4.1.0
4.1.2