DarkaOnLine / L5-Swagger

OpenApi or Swagger integration to Laravel
https://github.com/DarkaOnLine/L5-Swagger
MIT License

CVE-2021-46708 #546

Closed leorimmer closed 1 year ago

leorimmer commented 1 year ago

Description:

CVE-2021-46708

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

https://nvd.nist.gov/vuln/detail/CVE-2021-46708

Steps To Reproduce:

Upgrade swagger-UI dependency to 4.1.3 minimum

DarkaOnLine commented 1 year ago

Thank you for reporting this 🙏