Hello,
The jQuery used in Swashbuckle.WebApi v5.6.0 is an older jQuery version which has vulnerabilities like XSS and other security issues which exploit the bugs. Likewise, Handlebars 4.0.5 is also vulnerable to prototype pollution and other security issues. But these vulnerabilities were addressed in their next versions. Is there a possible way to address these issues, since Swashbuckle.WebApi v5.6.0 is using old vulnerable libraries?
Using the latest libraries and regular updates will help mitigate the security vulnerabilities. Any help or information is appreciated.
Thanks.
VERSION:
5.6.0
STEPS TO REPRODUCE:
Launch Swagger UI and inspect to see that jQuery 1.8.0 and Handlebars.js 4.0.5 are used when Swashbuckle.WebApi 5.6.0 is used/installed in the WebApi project.
EXPECTED RESULT:
Swashbuckle.WebApi 5.6.0 should be using the latest jQuery version having security bug fixes. Likewise for Handlebars.js.
ACTUAL RESULT:
Swashbuckle.WebApi 5.6.0 is using an old version of jQuery, 1.8.0, and Handlebars.js 4.0.5.
ADDITIONAL DETAILS:
Any quick solutions to mitigate these security issues will be appreciated. Thanks.