Overview
swagger-ui is a library that allows interaction and visualisation of APIs.
Affected versions of this package are vulnerable to Reverse Tabnabbing. Setting target="_blank" on anchor tags is unsafe unless used in conjunction with the rel="noopener" attribute. A link opened via target blank attribute can make changes to the original page, essentially bypassing same origin policy restrictions set by the browser.
Remediation
Upgrade swagger-ui to version 3.18.0 or higher.
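The check described in the overview, as an added example that is not part of the original issue or of swagger-ui's own code: a small Node.js helper that flags target="_blank" anchors lacking rel="noopener" (or rel="noreferrer", which implies it) in an HTML string and rewrites them. The function names and the sample markup are assumptions made for illustration.

```javascript
// Added example. Regex-based audit for static templates, not a full HTML parser.
// SAMPLE_HTML is constructed for illustration.
const SAMPLE_HTML = `
<a href="https://example.com/docs" target="_blank">docs</a>
<a href="https://example.com/tos" target="_blank" rel="noopener noreferrer">tos</a>
<a href="/local">local</a>
<a href='https://example.com/x' TARGET='_blank' rel="nofollow">x</a>
`;

// Opening <a ...> tags; quoted attribute values may contain '>'.
const ANCHOR_RE = /<a(?=[\s>\/])(?:"[^"]*"|'[^']*'|[^>"'])*>/gi;
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
const REL_RE = /\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i;

// Map of lower-cased attribute name -> value; the first duplicate wins, as in HTML.
function parseAttrs(tag) {
  const attrs = Object.create(null);
  const body = tag.replace(/^<a/i, '').replace(/\/?>$/, '');
  for (const m of body.matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// True when the link opens a new tab and leaves window.opener available to it.
function isUnsafe(attrs) {
  if ((attrs.target || '').toLowerCase() !== '_blank') return false;
  const rel = (attrs.rel || '').toLowerCase().split(/\s+/);
  return !rel.includes('noopener') && !rel.includes('noreferrer');
}

function findUnsafe(html) {
  return (html.match(ANCHOR_RE) || []).filter((tag) => isUnsafe(parseAttrs(tag)));
}

// Rewrite unsafe anchors, keeping any existing rel tokens (e.g. nofollow).
function harden(html) {
  return html.replace(ANCHOR_RE, (tag) => {
    const attrs = parseAttrs(tag);
    if (!isUnsafe(attrs)) return tag;
    const kept = (attrs.rel || '').split(/\s+/).filter(Boolean);
    const rel = [...new Set([...kept, 'noopener', 'noreferrer'])].join(' ');
    const safeRel = rel.replace(/"/g, '&quot;');
    return tag.replace(REL_RE, '').replace(/^<a/i, (m) => `${m} rel="${safeRel}"`);
  });
}

console.log(findUnsafe(SAMPLE_HTML));
console.log(harden(SAMPLE_HTML));
```

Run over rendered templates or build output, findUnsafe gives a list suitable for a CI gate, while harden shows the corrected markup for each flagged link.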