Moderate severityNVD Advisory· Published Mar 11, 2022· Updated Aug 5, 2024
CVE-2018-25031
CVE-2018-25031
Description
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
swagger-uinpm | < 4.1.3 | 4.1.3 |
org.webjars:swagger-uiMaven | < 4.1.3 | 4.1.3 |
Affected products
3- Swagger UI/Swagger UIdescription
- ghsa-coords2 versions
< 4.1.3+ 1 more
- (no CPE)range: < 4.1.3
- (no CPE)range: < 4.1.3
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- github.com/advisories/GHSA-cr3q-pqgq-m8c2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-25031ghsaADVISORY
- github.com/swagger-api/swagger-ui/issues/4872ghsaWEB
- github.com/swagger-api/swagger-ui/pull/7697ghsaWEB
- github.com/swagger-api/swagger-ui/releases/tag/v4.1.3ghsaWEB
- security.netapp.com/advisory/ntap-20220407-0004ghsaWEB
- security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885ghsaWEB
- security.netapp.com/advisory/ntap-20220407-0004/mitre
News mentions
0No linked articles in our index yet.