DarkaOnLine / L5-Swagger

OpenApi or Swagger integration to Laravel
https://github.com/DarkaOnLine/L5-Swagger
MIT License
2.64k stars 394 forks

Use Swagger UI >= 4.1.3 due to CVE-2021-46708 #547

Closed DarkaOnLine closed 1 year ago

DarkaOnLine commented 1 year ago

Fixes #546

CVE-2021-46708

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

https://nvd.nist.gov/vuln/detail/CVE-2021-46708
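
A lockfile check for the version floor this pull request sets, as an added example that is not part of the original pull request or of L5-Swagger's code. The Composer package name `swagger-api/swagger-ui` and both sample lockfiles are assumptions constructed for illustration; only `swagger-ui-dist` and the 4.1.3 threshold come from the advisory text above.

```javascript
// Added example (not L5-Swagger code): flag Swagger UI entries below 4.1.3 in a lockfile.
const FIXED = [4, 1, 3];
// "swagger-ui-dist" is named in the advisory; the Composer package name is an assumption.
const NAMES = new Set(["swagger-ui-dist", "swagger-api/swagger-ui"]);

// Parse "v4.1.2" or "4.1.3-rc.1" into numeric parts plus a pre-release flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(?:\+.*)?$/.exec(String(v).trim());
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// True when below 4.1.3; unparseable versions ("dev-master") are flagged for manual review.
function isVulnerable(v) {
  const p = parseVersion(v);
  if (!p) return true;
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre; // 4.1.3-rc.1 sorts before the 4.1.3 release
}

// Return {name, version, where} for each vulnerable entry in a parsed lockfile.
function findVulnerable(lock) {
  const hits = [];
  const check = (name, version, where) => {
    if (NAMES.has(name) && isVulnerable(version)) hits.push({ name, version, where });
  };
  for (const key of ["packages", "packages-dev"]) {
    const section = lock[key];
    if (Array.isArray(section)) {
      // composer.lock: arrays of {name, version}
      section.forEach((p) => check(p.name, p.version, key));
    } else if (section && typeof section === "object") {
      // package-lock.json v2/v3: object keyed by install path, nested copies included
      for (const [path, p] of Object.entries(section)) {
        check(path.split("node_modules/").pop(), p.version, path);
      }
    }
  }
  return hits;
}

// Constructed sample lockfiles, trimmed to the fields the check reads.
const composerLock = { packages: [{ name: "swagger-api/swagger-ui", version: "v3.52.5" }], "packages-dev": [] };
const npmLock = { lockfileVersion: 3, packages: {
  "": { name: "demo", version: "1.0.0" },
  "node_modules/swagger-ui-dist": { version: "4.1.3" },
  "node_modules/a/node_modules/swagger-ui-dist": { version: "4.1.2" } } };
console.log(findVulnerable(composerLock), findVulnerable(npmLock));
```

To run it against a real project, pass the result of `JSON.parse` on the contents of `composer.lock` or `package-lock.json` to `findVulnerable`; transitive copies nested under other packages are reported with their install path.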

coveralls commented 1 year ago

coverage: 98.281%. remained the same when pulling 58500111afe40d7016913d40ad8925489918c4b5 on fix/CVE-2021-46708 into 5d235157cc0219e4cafc93928f81c299c9216a86 on master.