Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-22207

Published: 15/01/2024 Updated: 16/02/2024
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Smartbear

Vulnerability Summary

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. before 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.

Vulnerable Product Search on Vulmon Subscribe to Product

smartbear swagger ui

References

CWE-1188https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7https://security.netapp.com/advisory/ntap-20240216-0002/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook