CVE-2016-1000226

Name of the Vulnerable Software and Affected Versions: swagger-ui versions prior to 2.2.1

Description: The issue concerns cross-site scripting in the consumes and produces parameters of the swagger JSON document for a given API. Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, enabling an attacker to exploit this attack against any user that visits a crafted link, such as "/swagger-ui/index.html?url=http:///malicious-swagger-file.json".

Recommendations: Update to version 2.2.1 or later.