deronsmith
commented
2 years ago Updated swagger UI version, tested exploit and properly prevents behavior.
Open deronsmith opened 2 years ago
deronsmith
commented
2 years ago Updated swagger UI version, tested exploit and properly prevents behavior.
Update openAPI to the latest version to resolve configUrl overwrite exploit.
https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/