Safety vulnerability ID: 52699
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Py-swagger-ui before 1.1.0 bundles versions of swagger-ui (2.2.10 and 3.52.0) affected by a known vulnerability: swagger-ui before 4.1.3 reads its configuration, including the `url` of the OpenAPI definition to load, from the page's URL query parameters. An attacker can therefore craft a link on a self-hosted instance's trusted hostname that makes it render an attacker-controlled remote OpenAPI definition, which opens a vector for phishing by abusing the trusted names/domains of self-hosted instances.
https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx
Latest version: 1.1.0
Swagger UI bundled for usage with Python
[4.1.3](https://github.com/swagger-api/swagger-ui/compare/v4.1.2...v4.1.3) (2021-12-10)
Bug Fixes
* **security:** disable reading config params from URL search params ([7697](https://github.com/swagger-api/swagger-ui/issues/7697)) ([01a3e55](https://github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76)), closes [#4872](https://github.com/swagger-api/swagger-ui/issues/4872), security advisory https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx
> Note: to re-enable the functionality of reading config params from URL, set new `queryConfigEnabled` core parameter to `true`. More info in [documentation](https://github.com/swagger-api/swagger-ui/blob/master/docs/usage/configuration.md#core).
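The behaviour this advisory describes, and the effect of the `queryConfigEnabled` default introduced in 4.1.3, as an added JavaScript example. This is not code from swagger-ui or py-swagger-ui: it is a small model of the config merge (baked-in config overridden by query parameters) plus a link auditor an integrator can run over links before trusting them. `resolveConfig`, `definitionHosts`, `parseUrls`, `auditLink`, the hostnames and the allowlist are this example's own assumptions; `url`, `urls` and `configUrl` are real Swagger UI parameters, but treating exactly those three as the remote-definition keys is an assumption of the example.

```javascript
// Added example, not swagger-ui's or py-swagger-ui's own code. Models how a query
// string on a trusted host could redirect Swagger UI to a remote definition before
// 4.1.3, and how the 4.1.3 `queryConfigEnabled: false` default closes that path.
// Hostnames, allowlist and function names are constructed for illustration.

// Config keys that decide where the definition is fetched from (assumption: these
// are the ones that matter for the phishing vector described in the advisory).
const REMOTE_DEFINITION_KEYS = ['url', 'configUrl', 'urls'];

// Swagger UI's `urls` option is an array of { url, name }; coming in via the query
// string it would have to be JSON. Returns the url fields, or [] if unparsable.
function parseUrls(raw) {
  if (Array.isArray(raw)) return raw.map((e) => e && e.url).filter(Boolean);
  try {
    const parsed = JSON.parse(raw);
    return Array.isArray(parsed) ? parsed.map((e) => e && e.url).filter(Boolean) : [];
  } catch (e) {
    return [];
  }
}

// Effective config = integrator's baked-in config, optionally overridden by the
// page's query parameters. Pre-4.1.3 swagger-ui applied the override unconditionally;
// from 4.1.3 it only happens when the integrator opts in with queryConfigEnabled.
function resolveConfig(baseConfig, pageUrl, { queryConfigEnabled = false } = {}) {
  const config = { ...baseConfig };
  if (!queryConfigEnabled) return config; // 4.1.3+ default: query string ignored
  for (const [key, value] of new URL(pageUrl).searchParams) {
    config[key] = value; // vulnerable branch: attacker-supplied key wins
  }
  return config;
}

// Hostnames the resolved config would fetch a definition from, resolved relative
// to the page URL so that '/openapi.json' maps to the page's own host. A value
// that does not yield a hostname (bad URL, javascript: scheme) is reported as ''.
function definitionHosts(config, pageUrl) {
  const hosts = [];
  for (const key of REMOTE_DEFINITION_KEYS) {
    if (!(key in config)) continue;
    const values = key === 'urls' ? parseUrls(config.urls) : [config[key]];
    for (const value of values) {
      try {
        hosts.push(new URL(String(value), pageUrl).hostname);
      } catch (e) {
        hosts.push('');
      }
    }
  }
  return hosts;
}

// Audit a link as the vulnerable branch would interpret it: does it point the
// viewer at a definition host outside the allowlist? Useful both for triaging
// reported phishing links and for testing that an upgraded deployment ignores them.
function auditLink(pageUrl, allowedHosts) {
  const injected = resolveConfig({}, pageUrl, { queryConfigEnabled: true });
  const offendingHosts = definitionHosts(injected, pageUrl).filter(
    (h) => !h || !allowedHosts.includes(h)
  );
  return { safe: offendingHosts.length === 0, offendingHosts };
}

// Constructed sample: a self-hosted instance on api.example.com receives a link
// that overrides `url` with a definition on attacker.example.
const BASE_CONFIG = { url: '/openapi.json' };
const PHISHING_LINK = 'https://api.example.com/docs/?url=https://attacker.example/openapi.json';

console.log('4.1.3+ default :', resolveConfig(BASE_CONFIG, PHISHING_LINK).url);
console.log('pre-4.1.3      :', resolveConfig(BASE_CONFIG, PHISHING_LINK, { queryConfigEnabled: true }).url);
console.log('audit          :', auditLink(PHISHING_LINK, ['api.example.com']));
```

With a py-swagger-ui release before 1.1.0 the bundled swagger-ui behaves like the `queryConfigEnabled: true` branch for every visitor; after upgrading, the default branch applies and the same link renders the integrator's own definition. Only set `queryConfigEnabled` to `true` on an instance if the deployment also restricts which hosts a definition may be fetched from, since the flag restores exactly the override this advisory is about.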