### Vulnerable Library - springfox-swagger-ui-2.4.0.jar
JSON API documentation for spring based applications
Library home page: https://github.com/springfox/springfox
Path to vulnerable library: /lib/springfox-swagger-ui-2.4.0.jar
Found in HEAD commit: bafe36287e51aaacdb1ab47c78bd429757cdc4f2
### Vulnerabilities

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation**

### Details
CVE-2019-17495
### Vulnerable Library - springfox-swagger-ui-2.4.0.jar

JSON API documentation for spring based applications
Library home page: https://github.com/springfox/springfox
Path to vulnerable library: /lib/springfox-swagger-ui-2.4.0.jar
Dependency Hierarchy:
- :x: **springfox-swagger-ui-2.4.0.jar** (Vulnerable Library)
Found in HEAD commit: bafe36287e51aaacdb1ab47c78bd429757cdc4f2
Found in base branch: main
### Vulnerability Details

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that