Lucene search
GoogleOSV:GHSA-CR3Q-PQGQ-M8C2HistoryMar 12, 2022 - 12:00 a.m.
Spoofing attack in swagger-ui
2022-03-1200:00:36
Google
osv.dev
611
0.003 Low
EPSS
Percentile
66.3%
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| swagger-ui | lt | 4.1.3 |
References
github.com/swagger-api/swagger-ui
github.com/swagger-api/swagger-ui/issues/4872
github.com/swagger-api/swagger-ui/pull/7697
github.com/swagger-api/swagger-ui/releases/tag/v4.1.3
nvd.nist.gov/vuln/detail/CVE-2018-25031
security.netapp.com/advisory/ntap-20220407-0004
security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885
Related
cve
cve
CVE-2018-25031
2022-03-11 07:15:07
packetstorm
packetstorm
Swagger UI 4.1.3 Critical Information Misrepresentation
2023-04-20 00:00:00
ibm
ibm
Security Bulletin: Swagger-ui as used by IBM QRadar Advisor With Watson App is vulnerable to spoofing attacks (CVE-2018-25031)
2023-02-15 13:45:24
Security Bulletin: Vulnerabilities in Springfox swagger affect IBM Rational ClearQuest
2023-09-29 17:27:30
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 17:52:34
exploitdb
exploitdb
github
github
Spoofing attack in swagger-ui
2022-03-12 00:00:36
cvelist
cvelist
CVE-2018-25031
2022-03-11 06:47:46
osv
osv
CVE-2018-25031
2022-03-11 07:15:07
prion
prion
Design/Logic Flaw
2022-03-11 07:15:00
zdt
zdt
veracode
veracode
Spoofing Attack
2022-03-14 06:03:00
nvd
nvd
CVE-2018-25031
2022-03-11 07:15:07
ubuntucve
ubuntucve
CVE-2018-25031
2022-03-11 00:00:00