
AIKIDO-2024-10383

swagger-api/swagger-ui is vulnerable to Denial of Service (DoS)

Denial of Service (DoS) | CVE-2024-27983 | Published Oct 29, 2024

Score: 65 (Medium Risk)

This affects:

php: swagger-api/swagger-ui, versions 1.0 - 5.13.0 (fixed in 5.14.0)

TL;DR

Affected versions of this package are vulnerable to Denial of Service (DoS) because of a vulnerability in Node.js, which the Docker configuration of swagger-ui relies on. The issue can be triggered by sending specially crafted requests, leading to excessive resource consumption and potentially leaving the application unresponsive. Updating Node.js mitigates this DoS.

Who does this affect?

You are affected if you run a swagger-ui version within the vulnerable range and deploy it from a Docker image that ships Node.js 18.20.1-r0.

Background info

swagger-api/swagger-ui is vulnerable to Denial of Service (DoS) in versions 1.0 - 5.13.0.

How to fix this

Upgrade the swagger-api/swagger-ui library to the patched version (5.14.0 or later), or update the Node.js version in your Docker image.