A vulnerability was discovered whereby a specially crafted configuration file could be passed via the Swagger page's configURL= parameter, allowing for arbitrary HTML content to be displayed.
The fix for this is to update the NSwag.AspNetCore to v13.20.*
ESTIMATE TBD
What's the expected change?
Navigating to https://webapis.cancer.gov/glossary/v1/index.html?configUrl=https://jumpy-floor.surge.sh/test.json should display the glossary Swagger page.
What's the current functionality?
Navigating to that link displays a different site's Swagger page.
Issue description
A vulnerability was discovered whereby a specially crafted configuration file could be passed via the Swagger page's
configURL=parameter, allowing for arbitrary HTML content to be displayed.The fix for this is to update the
NSwag.AspNetCoretov13.20.*What's the expected change?
https://webapis.cancer.gov/glossary/v1/index.html?configUrl=https://jumpy-floor.surge.sh/test.jsonshould display the glossary Swagger page.What's the current functionality?
What's the updated acceptance criteria?
Additional details / screenshot
Related Tickets