typescript-rest
typescript-rest copied to clipboard

Published 20 hours ago •

thiagobustamante

Reame
Issues

swagger-ui-dist dependency with vulnerability at version 3.38.0

Open thaiscpaz opened this issue 4 years ago • 0 comments

Good to know:

Method of installation: npm
[email protected] └─┬ [email protected] └─┬ swagger-ui-dist [email protected]

Description

While running an application through a CI pipeline, a step that runs the dependency vulnerability check, raised the following issue:

Filename: swagger-ui-dist:3.38.0 | Highest CVSS Score: 6.1 | Amount of CVSS: 1 | References: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (6.1)

CWE-79 description

To reproduce

Run dependency-check cli vulnerability tool in any project that has swagger-ui-dist as dependency: $ dependency-check --scan <path to project>

Expected behavior

No vulnerabilities reported.

Jan 06 '21 13:01 thaiscpaz