Lucene search

PRIOn knowledge basePRION:CVE-2024-22207

HistoryJan 15, 2024 - 4:15 p.m.

Default configuration

2024-01-1516:15:00

PRIOn knowledge base

www.prio-n.com

fastify

plugin

swagger ui

vulnerability

fix

default configuration

files

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.8%

JSON

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module’s directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the baseDir option can also work around this vulnerability.

CPENameOperatorVersion
swagger_uige2.0.0
swagger_uilt2.1.0

CPE	Name	Operator	Version
	swagger_ui	ge	2.0.0
	swagger_ui	lt	2.1.0

References

github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7

github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4

security.netapp.com/advisory/ntap-20240216-0002/