swagger-ui is vulnerable to clickjacking. It was possible to perform a clickjacking attack due to the lack of validation in the SwaggerUI function, allowing a remote attacker to exploit and hijack victim click actions.
Vendor | Product | Version | CPE |
---|---|---|---|
smartbear | swagger_ui | * | cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:* |
smartbear | swagger-ui-dist | * | cpe:2.3:a:smartbear:swagger-ui-dist:*:*:*:*:*:node.js:*:* |
github.com/advisories/GHSA-6c9x-mj3g-h47x
github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76
github.com/swagger-api/swagger-ui/issues/4872
github.com/swagger-api/swagger-ui/pull/7697
security.netapp.com/advisory/ntap-20220407-0004/
www.npmjs.com/package/swagger-ui-dist/v/4.1.3