Path Traversal in swagger-injector

All versions of swagger-injector are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the configured dist folder using relative paths.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

References

https://www.npmjs.com/advisories/1172

Reviewed Aug 31, 2020

Published to the GitHub Advisory Database Sep 3, 2020

Last updated Jan 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Recommendation

References

Severity

Weaknesses

CVE ID

GHSA ID

Source code