Affected versions of
swagger-ui contain a cross-site scripting vulnerability in the key names of a specific nested object in the JSON document.
The vulnerable object structure is:
Malicious JSON documents can be loaded in by providing a URL to them in the
url query string parameter.
Update to version 2.2.1 or later.