CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
94.1%
fastify-swagger-ui is vulnerable to Directory Traversal. The vulnerability is caused due to a default configuration issue in @fastify/swagger-ui
.If the baseDir option is not set, the module exposes all files in its directory through the HTTP route it serves. This allows an attacker to gain unauthorized access to files outside the intended scope.