Lucene search
+L

5 matches found

Nuclei
Nuclei
added yesterday154 views

Fastify Swagger-UI - Information Disclosure

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS5.7AI score0.02001EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/15 3:40 p.m.52 views

CVE-2024-22207 Default swagger-ui configuration exposes all files in the module

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS5.4AI score0.02001EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/15 3:40 p.m.3 views

CVE-2024-22207 Default swagger-ui configuration exposes all files in the module

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS5AI score0.02001EPSS
Exploits0References3
CVE
CVE
added 2024/01/15 3:40 p.m.85 views

CVE-2024-22207

CVE-2024-22207 affects the fastify-swagger-ui Fastify plugin. Before version 2.1.0, the default configuration of @fastify/swagger-ui without a baseDir exposes all files in the module directory via HTTP routes, enabling information disclosure. The issue is resolved in v2.1.0; as a workaround, conf...

5.3CVSS5.1AI score0.02001EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/01/15 3:40 p.m.31 views

CVE-2024-22207 Default swagger-ui configuration exposes all files in the module

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS5.3AI score0.02001EPSS
Exploits0References5
Rows per page
Query Builder