Vulnerability Description
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smartbear | Swagger Ui | < 4.1.3 |
Related Weaknesses (CWE)
References
- https://github.com/swagger-api/swagger-ui/issues/4872Issue TrackingPatchThird Party Advisory
- https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3Release NotesThird Party Advisory
- https://security.netapp.com/advisory/ntap-20220407-0004/Third Party Advisory
- https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885PatchThird Party Advisory
- https://github.com/swagger-api/swagger-ui/issues/4872Issue TrackingPatchThird Party Advisory
- https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3Release NotesThird Party Advisory
- https://security.netapp.com/advisory/ntap-20220407-0004/Third Party Advisory
- https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885PatchThird Party Advisory
FAQ
What is CVE-2018-25031?
CVE-2018-25031 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote Ope...
How severe is CVE-2018-25031?
CVE-2018-25031 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-25031?
Check the references section above for vendor advisories and patch information. Affected products include: Smartbear Swagger Ui.