GHSA-QRMM-W75W-3WPX
PUBLISHED
CVSS 8.5 HIGH
Server side request forgery in SwaggerUI
Risk Scores
CVSS v4.0
8.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NuGet | Swashbuckle.AspNetCore.SwaggerUI | 5.6.1, 2.0.0, 5.5.0 |
| npm | swagger-ui-react | 0, 0, 0 |
| npm | swagger-ui-dist | 0, 0, 0 |
| npm | swagger-ui | 0, 0, 0 |
| NuGet | Swashbuckle.AspNetCore.SwaggerUI | 0, 0, 0 |
Timeline
- Dec 9, 2021 CVE Published
- May 26, 2022 CVE Updated
References
- https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx url
- https://github.com/swagger-api/swagger-ui product
- GitHub Advisory GHSA-qrmm-w75w-3wpx vendor-advisory
- https://github.com/swagger-api/swagger-ui/issues/4872 url
- https://github.com/domaindrivendev/Swashbuckle.AspNetCore/commit/401c7cb81e5efe835ceb8aae23e82057d57c7d29 url
- https://github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76 url