CVE-2018-25031 (Medium) detected in springfox-swagger-ui-3.0.0.jar - autoclosed #677

mend-bolt-for-github · 2022-03-25T13:35:40Z

CVE-2018-25031 - Medium Severity Vulnerability

Vulnerable Library - springfox-swagger-ui-3.0.0.jar

JSON API documentation for spring based applications

Library home page: https://github.com/springfox/springfox

Path to dependency file: /persistence/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/io.springfox/springfox-swagger-ui/3.0.0/1e665fbe22148f7c36fa8a08e515a0047cd4390b/springfox-swagger-ui-3.0.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/io.springfox/springfox-swagger-ui/3.0.0/1e665fbe22148f7c36fa8a08e515a0047cd4390b/springfox-swagger-ui-3.0.0.jar,/files-2.1/io.springfox/springfox-swagger-ui/3.0.0/1e665fbe22148f7c36fa8a08e515a0047cd4390b/springfox-swagger-ui-3.0.0.jar,/files-2.1/io.springfox/springfox-swagger-ui/3.0.0/1e665fbe22148f7c36fa8a08e515a0047cd4390b/springfox-swagger-ui-3.0.0.jar

Dependency Hierarchy:

❌ springfox-swagger-ui-3.0.0.jar (Vulnerable Library)

Found in HEAD commit: 896f8f9f7c3c9577f1a60ccb32eeadda99c5d566

Found in base branch: develop

Vulnerability Details

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.

Publish Date: 2022-03-11

URL: CVE-2018-25031

CVSS 3 Score Details (4.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-qrmm-w75w-3wpx

Release Date: 2022-03-11

Fix Resolution: swagger-ui - 4.1.3;swagger-ui-dist - 4.1.3

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github · 2022-03-25T13:36:29Z

ℹ️ This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #678

mend-bolt-for-github · 2022-03-25T13:36:30Z

ℹ️ This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #678

mend-bolt-for-github bot added the Mend: dependency security vulnerability Security vulnerability detected by WhiteSource label Mar 25, 2022

mend-bolt-for-github bot changed the title ~~CVE-2018-25031 (Medium) detected in springfox-swagger-ui-3.0.0.jar~~ CVE-2018-25031 (Medium) detected in springfox-swagger-ui-3.0.0.jar - autoclosed Mar 25, 2022

mend-bolt-for-github bot closed this as completed Mar 25, 2022

mend-bolt-for-github bot changed the title ~~CVE-2018-25031 (Medium) detected in springfox-swagger-ui-3.0.0.jar~~ CVE-2018-25031 (Medium) detected in springfox-swagger-ui-3.0.0.jar - autoclosed Mar 25, 2022

mend-bolt-for-github bot closed this as completed Mar 25, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2018-25031 (Medium) detected in springfox-swagger-ui-3.0.0.jar - autoclosed #677

CVE-2018-25031 (Medium) detected in springfox-swagger-ui-3.0.0.jar - autoclosed #677

mend-bolt-for-github bot commented Mar 25, 2022

mend-bolt-for-github bot commented Mar 25, 2022

mend-bolt-for-github bot commented Mar 25, 2022

CVE-2018-25031 (Medium) detected in springfox-swagger-ui-3.0.0.jar - autoclosed #677

CVE-2018-25031 (Medium) detected in springfox-swagger-ui-3.0.0.jar - autoclosed #677

Comments

mend-bolt-for-github bot commented Mar 25, 2022

CVE-2018-25031 - Medium Severity Vulnerability

mend-bolt-for-github bot commented Mar 25, 2022

mend-bolt-for-github bot commented Mar 25, 2022