CVE-2024-22207

Default swagger-ui configuration exposes all files in the module

CVSS 5.3 MEDIUM | EPSS 2.0% | CWE-1188
In short

The fastify-swagger-ui plugin exposes all files in its directory through HTTP by default, allowing attackers to access sensitive files that should be private. Updating to version 2.1.0 or configuring the baseDir option fixes this issue.

Technical detail

fastify-swagger-ui versions prior to 2.1.0 apply no path restriction in the default configuration, so the HTTP routes the plugin registers can serve arbitrary files from the module's own directory. Exploitation requires only that the plugin be active with default settings (no `baseDir`), and the impact is to confidentiality: source code, configuration, and other files shipped in the module directory become readable over HTTP.

Summary generated and translated by AI from the official description.
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
