Description
Swagger UI is a tool to visualize and interact with your APIs. Certain versions of Swagger UI (between 3.14.1 and 3.38.0) are vulnerable to DOM-based XSS because they use an outdated version of the DOMPurify library.
Remediation
Upgrade to the latest version of Swagger UI.
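To find which installed copies need the upgrade, the following added example (not part of the original advisory or of Swagger UI) scans the `packages` map of an npm `package-lock.json` for Swagger UI packages inside the range named above. Assumptions: the range bounds are treated as inclusive, the three npm package names listed share Swagger UI's version numbers, and the function names and sample lockfile are constructed for illustration.

```javascript
// Added example: flag Swagger UI packages in an npm lockfile inside 3.14.1..3.38.0.
const VULN_MIN = [3, 14, 1]; // assumption: lower bound inclusive
const VULN_MAX = [3, 38, 0]; // assumption: upper bound inclusive
// Assumption: these npm packages are released with the same version numbers.
const PACKAGES = new Set(["swagger-ui", "swagger-ui-dist", "swagger-ui-react"]);

// Parse "major.minor.patch"; a pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function inVulnerableRange(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, VULN_MIN) >= 0 && compare(v, VULN_MAX) <= 0;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
// Keys look like "node_modules/a/node_modules/swagger-ui-dist".
function findVulnerable(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (PACKAGES.has(name) && inVulnerableRange(meta.version)) {
      hits.push({ path, name, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile, not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-api", version: "1.0.0" },
    "node_modules/swagger-ui-dist": { version: "3.25.0" },
    "node_modules/swagger-ui-express/node_modules/swagger-ui-dist": { version: "4.15.5" },
    "node_modules/swagger-ui-react": { version: "3.38.0" },
  },
};
console.log(findVulnerable(sampleLock));
```

Nested copies pulled in by other dependencies are reported with their full lockfile path, so each one can be upgraded or overridden separately.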