Skip to content

WS-2018-0593 (Medium) detected in swagger-ui-2.0.24.jar #66

New issue
New issue
Open
Open
WS-2018-0593 (Medium) detected in swagger-ui-2.0.24.jar#66
Labels
security vulnerabilitySecurity vulnerability detected by WhiteSource
@mend-bolt-for-github

Description

@mend-bolt-for-github
mend-bolt-for-github
bot
opened on Sep 24, 2019

WS-2018-0593 - Medium Severity Vulnerability

Vulnerable Library - swagger-ui-2.0.24.jar

WebJar for Swagger UI

Library home page: http://webjars.org

Path to dependency file: /tmp/ws-scm/aos_source/common/pom.xml

Path to vulnerable library: epository/org/webjars/swagger-ui/2.0.24/swagger-ui-2.0.24.jar

Dependency Hierarchy:

  • swagger-ui-2.0.24.jar (Vulnerable Library)

Found in HEAD commit: 83601fa71d48d16fba4d9361a6cdf00b6a9f5ffa

Vulnerability Details

Swagger-ui before 3.18.0 is vulnerable to Reverse Tabnabbing. Setting target="_blank" on anchor tags is unsafe unless used in conjunction with the rel="noopener" attribute. Opening a link via target blank attribute can change the original page, origin policy restrictions set by the browser can be bypassed.

Publish Date: 2019-06-17

URL: WS-2018-0593

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: swagger-api/swagger-ui#4789

Release Date: 2019-06-17

Fix Resolution: v3.18.0

Step up your Open Source Security Game with WhiteSource here

Metadata

Metadata

Assignees

No one assigned

    Labels

    security vulnerabilitySecurity vulnerability detected by WhiteSource

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions