CVE-2024-22207 PoC — Swagger UI 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-22207.yaml

Associated Vulnerability

Title:Swagger UI 安全漏洞 (CVE-2024-22207)
Description:Swagger UI是一款支持可视化API资源并能够与之进行交互的开源工具。 Swagger UI v2.1.0 之前版本存在安全漏洞，该漏洞源于默认 swagger-ui 配置公开模块中的所有文件。

Description

fastify-swagger-ui is a Fastify plugin for serving Swagger UI.  Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module.  The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.

File Snapshot


 id: CVE-2024-22207

info:
  name: Fastify Swagger-UI - Information Disclosure
  author: DhiyaneshDK,

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!