Impact
The default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module.

Patches
Update to v2.1.0

Workarounds
Use the baseDir option

References
HackerOne report.
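A way to check a project against this advisory, as an added example that is not part of the advisory or the module's own code: it scans a parsed package-lock.json for every installed copy of @fastify/swagger-ui older than v2.1.0, including nested copies, and tests whether a plugin options object sets baseDir. It assumes the `packages` map of lockfileVersion 2 or 3; the function names, the sample lockfile and its versions are constructed for illustration.

```javascript
const PKG = '@fastify/swagger-ui';
const FIXED = [2, 1, 0]; // patched release named in the advisory

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelowFixed(v) {
  const parts = parseVersion(v);
  if (!parts) return true; // unparseable version: treat as unpatched and review by hand
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return false; // exactly the fixed version
}

// Returns every installed copy (top-level or nested) older than the fix.
function findUnpatched(lock) {
  const suffix = 'node_modules/' + PKG;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith('/' + suffix))
    .filter(([, meta]) => isBelowFixed(meta.version))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// For a copy that cannot be updated yet, the advisory's workaround is to set baseDir.
function workaroundApplied(pluginOptions) {
  return typeof pluginOptions?.baseDir === 'string' && pluginOptions.baseDir.length > 0;
}

// Constructed sample lockfile: one patched top-level copy, one older nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-api' },
    'node_modules/@fastify/swagger-ui': { version: '2.1.0' },
    'node_modules/internal-docs/node_modules/@fastify/swagger-ui': { version: '2.0.1' },
    'node_modules/@fastify/swagger': { version: '8.12.0' },
  },
};

console.log(findUnpatched(sampleLock));
console.log(workaroundApplied({ routePrefix: '/documentation' }));
```

Nested copies matter here because a transitive dependency can pin an older release even after the top-level package has been updated.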