What are the exact affected and fixed SwaggerUI versions for CVE-2016-7559 & CVE-2016-7918 (CVSS10)?

Question

Hello,&nbsp;What are the exact affected and fixed SwaggerUI versions for CVE-2016-7559 &amp; CVE-2016-7918 (CVSS10)?&nbsp;Thank you,h3xspirit

h3xspirit · Answer

Not much information has been publicly posted. However, the two aforementioned CVEs have been created for two (2) critical (CVSS 10) SwaggerUI vulnerabilities that were discovered by https://pl.linkedin.com/in/arturczyz who cannot be reached.

Since we received these new vulnerability notifications, we would like to know just only the exact affected versions to make sure that we are secure. Otherwise what is the point for posting that two critical exploitable vulnerabilities have been identified for Swagger-UI with no details whatsoever.

Thank you,

h3xspirit

fehguy · Answer

Hi, this is the community forum for SwaggerHub, NOT swagger-ui. &nbsp;To help us keep focus on the SwaggerHub project, please send&nbsp;general OSS questions to our Google Group:
&nbsp;
https://groups.google.com/forum/#!forum/swagger-swaggersocket
&nbsp;
Or directly to the security team:
&nbsp;
security@swagger.io
&nbsp;

Forum Discussion

What are the exact affected and fixed SwaggerUI versions for CVE-2016-7559 & CVE-2016-7918 (CVSS10)?

2 Replies

Related Content

swaggerui Undocumented Error: OK

Creating SwaggerUI with pre existing swagger.json document

SwaggerUI multiple values generated

How to Load Different Datasets into SwaggerUI?

SwaggerUI: Failed to fetch.

Recent Discussions

Help me solve this error

How do I bypass the Available authorizations dialog?

Last-Modified header is invalid: api.swaggerhub.com

Creating SWAGGER File

Referencing path parameters declared in Domains