Details
Alert ID 100043-1
Alert Type Script Active
Status alpha
Risk High
CWE 522
WASC
Technologies Targeted All
Tags CWE-522, OWASP_2017_A06, OWASP_2021_A05, POLICY_API, POLICY_PENTEST
More Info Scan Rule Help

Summary

This Swagger UI version is known to contain vulnerabilities. Exploitation may allow unauthorized access, XSS, or token theft.

Affected versions:

  • Swagger UI v2 < 2.2.10
  • Swagger UI v3 < 3.24.3

Solution

Upgrade to the latest version of Swagger UI. Regularly review and patch known issues.

Other Info

References

Code

scripts/scripts/active/SwaggerSecretDetector.js