4 matches found
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000229 via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000229 Source advisory: OSV:GHSA-H8WP-WGCQ-QHRF...
CVE-2016-1000229
swagger-ui has XSS in key names...
CVE-2016-1000229
swagger-ui has XSS in key names...
CVE-2016-1000229
Swagger-UI CVE-2016-1000229: Cross-site scripting via key names in the JSON document. Root cause: improper validation of user-supplied input in Swagger UI. Impact: remote attacker could execute script in a victim’s browser within the hosting site’s security context. Remediation (per Red Hat IBM a...