The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
coverage: 98.281%. remained the same when pulling 58500111afe40d7016913d40ad8925489918c4b5 on fix/CVE-2021-46708 into 5d235157cc0219e4cafc93928f81c299c9216a86 on master.
Fixes #546
CVE-2021-46708
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
https://nvd.nist.gov/vuln/detail/CVE-2021-46708