CVE-2018-25031 (Medium) detected in springfox-swagger-ui-3.0.0.jar
Created by: mend-bolt-for-github[bot]
CVE-2018-25031 - Medium Severity Vulnerability
Vulnerable Library - springfox-swagger-ui-3.0.0.jar
JSON API documentation for spring based applications
Library home page: https://github.com/springfox/springfox
Path to dependency file: /pom.xml
Path to vulnerable library: /repository/io/springfox/springfox-swagger-ui/3.0.0/springfox-swagger-ui-3.0.0.jar
Dependency Hierarchy:
- ❌ springfox-swagger-ui-3.0.0.jar (Vulnerable Library)
Found in base branch: master
Vulnerability Details
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
Publish Date: 2022-03-11
URL: CVE-2018-25031
CVSS 3 Score Details (4.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-qrmm-w75w-3wpx
Release Date: 2022-03-11
Fix Resolution: swagger-ui - 4.1.3;swagger-ui-dist - 4.1.3