10 matches found
CVE-2018-25031
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...
Security Bulletin: Spoofing vulnerability affect IBM Business Automation Workflow - Process Federation Server component - CVE-2018-25013
Summary Process Federation Server shipped with IBM Business Automation Workflow are vulnerable to a Spoofing attack. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL...
GHSA-CR3Q-PQGQ-M8C2 Spoofing attack in swagger-ui
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions...
CVE-2018-25031
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...
CVE-2018-25031
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...
CVE-2018-25031
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...
Swagger UI 输入验证错误漏洞
Swagger UI is an open source tool that supports visualizing and interacting with API resources. An input validation error vulnerability exists in Swagger UI versions prior to 4.1.3, which stems from the software's lack of filtering and escaping of user-submitted URL data. This vulnerability can b...
PT-2022-8044 · Unknown · Swagger-Ui
Name of the Vulnerable Software and Affected Versions: Swagger UI versions 4.1.2 and earlier Description: The issue allows a remote attacker to conduct spoofing attacks by persuading a victim to open a crafted URL, which could exploit this vulnerability to display remote OpenAPI definitions...
Server side request forgery in SwaggerUI
SwaggerUI supports displaying remote OpenAPI definitions through the ?url parameter. This enables robust demonstration capabilities on sites like petstore.swagger.io, editor.swagger.io, and similar sites, where users often want to see what their OpenAPI definitions would look like rendered...
GHSA-QRMM-W75W-3WPX Server side request forgery in SwaggerUI
SwaggerUI supports displaying remote OpenAPI definitions through the ?url parameter. This enables robust demonstration capabilities on sites like petstore.swagger.io, editor.swagger.io, and similar sites, where users often want to see what their OpenAPI definitions would look like rendered...