Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-03-11T06:47:46

Updated: 2024-08-05T12:26:39.523Z

Reserved: 2022-03-11T00:00:00

Link: CVE-2018-25031

cve-icon Vulnrichment

Updated: 2024-08-05T12:26:39.523Z

cve-icon NVD

Status : Modified

Published: 2022-03-11T07:15:07.190

Modified: 2024-08-01T13:41:41.080

Link: CVE-2018-25031

cve-icon Redhat

No data.