Swagger Ui
Approved changes feed: RSS · Atom
cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:node.js:*:*
part: a version: * update: *
| Vendor | Smartbear (94fec60b-612f-51ea-9024-b74cfc3c3f18) |
|---|---|
| Product | Swagger Ui (b4fe3dc8-12a0-5445-880c-aed3ce70a089) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | node.js |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:bitbucket/buuuksg/swagger-ui |
purl2cpe | 2026-06-01 10:18:17.048453 |
pkg:docker/swaggerapi/swagger-ui |
purl2cpe | 2026-06-01 10:18:17.048455 |
pkg:github/swagger-api/swagger-ui |
purl2cpe | 2026-06-01 10:18:17.048457 |
pkg:maven/org.webjars.npm/swagger-ui |
purl2cpe | 2026-06-01 10:18:17.048459 |
pkg:npm/swagger-ui |
purl2cpe | 2026-06-01 10:18:17.048461 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-22207 |
vulnerable | 2026-06-08 06:29:34.128769 |
Default swagger-ui configuration exposes all files in the module
MEDIUM (5.3)
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.
Published: 2024-01-15T15:40:35.252Z
Updated: 2025-06-17T14:34:45.374Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.