Lucene search
K

5 matches found

Nuclei
Nuclei
added 14 hours ago154 views

Fastify Swagger-UI - Information Disclosure

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS6.2AI score0.02001EPSS
Exploits0References2
OSV
OSV
added 2024/01/15 3:40 p.m.31 views

CVE-2024-22207 Default swagger-ui configuration exposes all files in the module

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS5.3AI score0.02001EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/01/15 3:40 p.m.3 views

CVE-2024-22207 Default swagger-ui configuration exposes all files in the module

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS5AI score0.02001EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/15 3:40 p.m.51 views

CVE-2024-22207 Default swagger-ui configuration exposes all files in the module

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS5.4AI score0.02001EPSS
Exploits0References3
CVE
CVE
added 2024/01/15 3:40 p.m.84 views

CVE-2024-22207

CVE-2024-22207 affects the fastify-swagger-ui Fastify plugin. Before version 2.1.0, the default configuration of @fastify/swagger-ui without a baseDir exposes all files in the module directory via HTTP routes, enabling information disclosure. The issue is resolved in v2.1.0; as a workaround, conf...

5.3CVSS5.1AI score0.02001EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder