{"url":"http://public2.vulnerablecode.io/api/packages/408836?format=json","purl":"pkg:npm/swagger-ui@2.0.17","type":"npm","namespace":"","name":"swagger-ui","version":"2.0.17","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.1.5","latest_non_vulnerable_version":"4.1.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361782?format=json","vulnerability_id":"VCID-38j4-f36y-5yak","summary":"XSS in key names\nSwagger-ui contains a cross-site scripting (XSS) vulnerability in the key names for the following object path in the JSON document: `.definitions.{USER_DEFINED}.properties.{INJECTABLE_KEY_NAME}`. Supplying a key name with script tags causes arbitrary code execution. In addition, it is possible to load arbitrary JSON files remotely via the `URL` query-string parameter.","references":[{"reference_url":"https://en.wikipedia.org/wiki/Content_Security_Policy","reference_id":"","reference_type":"","scores":[],"url":"https://en.wikipedia.org/wiki/Content_Security_Policy"},{"reference_url":"https://github.com/swagger-api/swagger-ui/issues/1865","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/swagger-api/swagger-ui/issues/1865"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388672?format=json","purl":"pkg:npm/swagger-ui@2.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"}],"aliases":["GMS-2016-45"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-38j4-f36y-5yak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361799?format=json","vulnerability_id":"VCID-m135-w2rd-t3bx","summary":"XSS in URL Query String Parameter\nThere's a cross-site scripting (XSS) vulnerability in the `url` query string parameter.","references":[{"reference_url":"https://github.com/swagger-api/swagger-ui/issues/1262","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/swagger-api/swagger-ui/issues/1262"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371331?format=json","purl":"pkg:npm/swagger-ui@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38j4-f36y-5yak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.0"}],"aliases":["GMS-2016-59"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m135-w2rd-t3bx"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.0.17"}