What is CVE-2018-25031?

CVE-2018-25031 is a vulnerability in N/a. Published 2022-03-11.

Is CVE-2018-25031 known to be exploited?

24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-25031

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was origin…

EPSS: 0.804 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

mathis2001/CVE-2018-25031
afine-com/CVE-2018-25031
rafaelcintralopes/SwaggerUI-CVE-2018-25031
rasinfosec/CVE-2018-25031
labeebSabbah/CVE-2018-25031
RelicHunt3r/swagger-ui
h4ckt0m/CVE-2018-25031-test
nigartest/CVE-2018-25031
Proklinius897/CVE-2018-25031-tests
KonEch0/CVE-2018-25031-SG

References

security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885
github.com/swagger-api/swagger-ui/issues/4872
github.com/swagger-api/swagger-ui/releases/tag/v4.1.3
security.netapp.com/advisory/ntap-20220407-0004/

Frequently asked questions

What is CVE-2018-25031?: CVE-2018-25031 is a vulnerability in N/a. Published 2022-03-11.
Is CVE-2018-25031 known to be exploited?: 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.