PT-2022-28238 · Lithium+1 · Lithium+2

Published: 2022-09-30 · Updated: 2022-09-30

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: lithium with Swagger-UI enabled (affected versions not specified)
Description: A cross-site scripting (XSS) vulnerability in the Swagger-UI shipped with dropwizard-swagger is exploitable in lithium-based applications that expose that UI. An attacker who gets a user to open a crafted Swagger-UI page can execute attacker-controlled JavaScript in that user's browser (the upstream advisory describes this as Remote Code Execution) and can potentially exfiltrate secrets available to the Swagger session, such as credentials entered through the UI's authorization dialog. Note the CVSS vector: no privileges are required, but user interaction is (UI:R), and confidentiality and integrity are rated High.
Recommendations: For lithium with Swagger-UI enabled, update the bundled swagger-ui by upgrading to the latest version of dropwizard-swagger. As a temporary workaround, set a Content-Security-Policy on the Swagger-UI responses that restricts where scripts and other content may be loaded from; this reduces the impact of injected external content but does not remove the underlying XSS.
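As an added illustration of the workaround (this is not code from lithium or dropwizard-swagger), the following Dropwizard servlet filter attaches a restrictive Content-Security-Policy to responses served under the Swagger-UI path. It assumes Dropwizard 2.x with the javax.servlet API and that dropwizard-swagger serves the UI under /swagger; the class name SwaggerCspFilter, the policy string and the URL pattern are this example's own choices and must be adjusted to the deployment.

```java
// Added example; not part of the lithium or dropwizard-swagger code base.
// Assumes Dropwizard 2.x (javax.servlet) and a Swagger-UI mounted at /swagger.
import java.io.IOException;
import java.util.EnumSet;

import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import io.dropwizard.setup.Environment;

public final class SwaggerCspFilter implements Filter {

    // Policy choices (assumptions for this example, tune per deployment):
    //  - script-src 'self': no scripts from foreign origins, no inline script,
    //    which is what an injected payload usually relies on.
    //  - connect-src 'self': the UI may only fetch API descriptions and call
    //    endpoints on the application's own origin.
    //  - style-src allows inline styles because Swagger-UI sets styles inline.
    //  - object-src 'none' and base-uri 'self' close plugin and <base> tricks.
    static final String POLICY =
        "default-src 'self'; "
      + "script-src 'self'; "
      + "style-src 'self' 'unsafe-inline'; "
      + "img-src 'self' data:; "
      + "connect-src 'self'; "
      + "object-src 'none'; "
      + "base-uri 'self'; "
      + "frame-ancestors 'none'";

    @Override
    public void init(FilterConfig filterConfig) {
        // Nothing to initialise; the policy is a constant.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) response;
            // Set the header before the downstream servlet commits the response.
            http.setHeader("Content-Security-Policy", POLICY);
            // Defence in depth while the vulnerable swagger-ui build is still deployed.
            http.setHeader("X-Content-Type-Options", "nosniff");
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    // Call from Application.run(config, environment): SwaggerCspFilter.register(environment);
    // The "/swagger/*" pattern is an assumption based on dropwizard-swagger's default prefix.
    public static void register(Environment environment) {
        environment.servlets()
            .addFilter("swagger-csp", new SwaggerCspFilter())
            .addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, "/swagger/*");
    }
}
```

After registering the filter, load the Swagger-UI page with the browser's developer console open: if the index page shipped by the installed dropwizard-swagger version bootstraps the UI with an inline script, the console will report a CSP violation and the page will stay blank; in that case add a hash or nonce for that one script rather than weakening script-src to 'unsafe-inline', which would let injected inline script run again. This remains a mitigation only; the fix is the dropwizard-swagger upgrade.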

Fix

XSS

Weakness Enumeration

Related Identifiers

GHSA-F36P-42JV-8RH2

Affected Products

Swagger-Ui
Dropwizard-Swagger
Lithium