CVE-2018-25031

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-25031

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25031.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-25031

Aliases

GHSA-cr3q-pqgq-m8c2

Published

2022-03-11T07:15:07Z

Modified

2024-08-01T16:49:36.192895Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.

References

Affected packages

Git / github.com/swagger-api/swagger-ui

Affected ranges

Type: GIT
Repo: https://github.com/swagger-api/swagger-ui
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

86e7f002c6dc55c935e18e82f9c5576dc48a7ff2

Affected versions

Other

$GIT_TAG

3.*

3.3.1

3.8.1

v/3.*

v/3.18.0

v1.*

v1.0

v1.0.1

v1.0.12

v1.0.13

v1.1.1

v1.1.15

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v2.*

v2.0.0

v2.0.1

v2.0.10

v2.0.11

v2.0.12

v2.0.14

v2.0.15

v2.0.16

v2.0.17

v2.0.18

v2.0.19

v2.0.2

v2.0.20

v2.0.21

v2.0.22

v2.0.24

v2.0.3

v2.0.4

v2.0.7

v2.0.8

v2.0.9

v2.1.0

v2.1.0-M1

v2.1.0-M2

v2.1.0-alpha.1

v2.1.0-alpha.4

v2.1.0-alpha.5

v2.1.0-alpha.6

v2.1.1

v2.1.1-M1

v2.1.1-M2

v2.1.2

v2.1.2-M1

v2.1.2-M2

v2.1.3

v2.1.3-M1

v2.1.3-M2

v2.1.4

v2.1.4-M1

v2.1.4-M2

v2.1.5

v2.1.5-M1

v2.1.5-M2

v2.1.6-M1

v2.1.7-M1

v2.1.8-M1

v2.2.0

v2.2.1

v2.2.10

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v3.*

v3.0.0

v3.0.1

v3.0.10

v3.0.11

v3.0.12

v3.0.13

v3.0.14

v3.0.15

v3.0.16

v3.0.17

v3.0.18

v3.0.19

v3.0.2

v3.0.20

v3.0.21

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.10.0

v3.11.0

v3.12.0

v3.12.1

v3.12.9

v3.13.0

v3.13.2

v3.13.3

v3.13.4

v3.13.5

v3.13.6

v3.14.0

v3.14.1

v3.14.2

v3.15.0

v3.16.0

v3.17.0

v3.17.1

v3.17.2

v3.17.3

v3.17.4

v3.17.5

v3.17.6

v3.18.0

v3.18.1

v3.18.2

v3.18.3

v3.19.0

v3.19.1

v3.19.2

v3.19.3

v3.19.4

v3.19.5

v3.2.0

v3.2.1

v3.2.2

v3.20.0

v3.20.1

v3.20.2

v3.20.3

v3.20.4

v3.20.5

v3.20.6

v3.20.7

v3.20.8

v3.20.9

v3.21.0

v3.22.0

v3.22.1

v3.22.2

v3.22.3

v3.23.0

v3.23.1

v3.23.10

v3.23.11

v3.23.2

v3.23.3

v3.23.4

v3.23.5

v3.23.6

v3.23.7

v3.23.8

v3.23.9

v3.24.0

v3.24.1

v3.24.2

v3.24.3

v3.25.0

v3.25.1

v3.25.2

v3.25.3

v3.25.4

v3.25.5

v3.26.0

v3.26.1

v3.26.2

v3.27.0

v3.28.0

v3.29.0

v3.3.0

v3.3.1

v3.3.2

v3.30.0

v3.30.1

v3.30.2

v3.31.0

v3.31.1

v3.32.0

v3.32.1

v3.32.2

v3.32.3

v3.32.4

v3.32.5

v3.33.0

v3.34.0

v3.35.0

v3.35.1

v3.35.2

v3.36.0

v3.36.1

v3.36.2

v3.37.0

v3.37.1

v3.37.2

v3.38.0

v3.39.0

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.40.0

v3.41.0

v3.41.1

v3.42.0

v3.43.0

v3.44.0

v3.44.1

v3.45.0

v3.45.1

v3.46.0

v3.47.0

v3.47.1

v3.48.0

v3.49.0

v3.5.0

v3.50.0

v3.51.0

v3.51.1

v3.51.2

v3.52.0

v3.52.1

v3.52.2

v3.52.3

v3.52.4

v3.52.5

v3.6.0

v3.6.1

v3.7.0

v3.8.0

v3.8.1

v3.9.0

v3.9.1

v3.9.2

v4.*

v4.0.0

v4.0.1

v4.1.0

v4.1.1

v4.1.2