CVE-2024-22207
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-22207
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22207.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-22207
- Aliases
- Related
- Published
- 2024-01-15T16:15:13Z
- Modified
- 2025-01-15T05:08:15.838221Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of
@fastify/swagger-uiwithoutbaseDirset will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting thebaseDiroption can also work around this vulnerability. - References
Affected packages
Git / github.com/fastify/fastify-swagger-ui
Affected ranges
- Type
- GIT
- Repo
- https://github.com/fastify/fastify-swagger-ui
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Type
- GIT
- Repo
- https://github.com/swagger-api/swagger-ui
- Events
Affected versions
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.10.0
v1.10.1
v1.10.2
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.8.1
v1.9.0
v1.9.1
v1.9.2
v1.9.3
v2.*
v2.0.0
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.2
v2.0.20
v2.0.21
v2.0.22
v2.0.24
v2.0.3
v2.0.4
v2.0.7
v2.0.8
v2.0.9
v2.1.0-M1
v2.1.0-M2
v2.1.0-alpha.1
v2.1.0-alpha.4
v2.1.0-alpha.5
v2.1.0-alpha.6
v2.1.1-M1
v2.1.1-M2
v2.1.2-M1
v2.1.2-M2
v2.1.3-M1
v2.1.3-M2
v2.1.4-M1
v2.1.4-M2
v2.1.5-M1
v2.1.5-M2
v2.1.6-M1
v2.1.7-M1
v2.1.8-M1