[GHSA-mrx7-8hxf-f853] Cross-Site Scripting in swagger-ui #2834
Conversation
github-actions
bot
changed the base branch from
main
to
tdunlap607/advisory-improvement-2834
|
Are you sure that's the correct fix commit? Based on the description I think this one may also be a candidate |
|
@darakian Hi! I think we've found a potential duplicate security advisory. I used commit swagger-api/swagger-ui@a1aea70 for this advisory: GHSA-g336-c7wv-8hp3. The pull pointed back to the original issue of 1617. This advisory (GHSA-mrx7-8hxf-f853) has the issue 1863, which was closed by swagger-api/swagger-ui@331d2be. It seems like we should potentially combine the two advisories (GHSA-mrx7-8hxf-f853 & GHSA-g336-c7wv-8hp3) into a single advisory. Also, I just noticed that this advisory's referenced CVE (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000233) was reserved but never used -> https://nvd.nist.gov/vuln/detail/CVE-2016-1000233 |
I would love to. We really need to build that merge functionality 😅 |
advisory-database
bot
merged commit 0035e0d
into
tdunlap607/advisory-improvement-2834
|
Hi @tdunlap607! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future! |
Updates
Comments
Adding the patch links for:
v2.2.1: swagger-api/swagger-ui@331d2be
This is from the PR (1869) that closed the original issue (1863): "Escape curl command to fix XSS vulnerability."