Private IP of build machine is being exposed! #7446
Hi @pedrolamas,
Thanks for pointing this out! The addition of HOSTNAME in definition plugins comes from this commit: b7bbead#diff-1ebec643c7cac50a42cb61[…]389ad60f5ed0991fc3f10edf736a
It is associated with this ticket: #1334
I've investigated and we don't use it nor need it AFAICT.
I've included handling this in v4 release: #7341
char0n added a commit that referenced this issue on Sep 10, 2021
char0n added a commit that referenced this issue on Sep 10, 2021
pedrolamas added a commit to pedrolamas/Swashbuckle.AspNetCore that referenced this issue on Sep 10, 2021
This will fix a security issue reported here: swagger-api/swagger-ui#7446
brendasmith8 pushed a commit to brendasmith8/Swash-buckle-AspNetCore-repository that referenced this issue on Sep 22, 2022
This will fix a security issue reported here: swagger-api/swagger-ui#7446
onlinedev0808 added a commit to onlinedev0808/Swashbuckle.AspNetCore that referenced this issue on Jun 2, 2023
This will fix a security issue reported here: swagger-api/swagger-ui#7446
Q&A (please complete the following information)
Describe the bug you're encountering
We are using OWASP Zed Attack Proxy (ZAP) scan in our builds, and we just noticed a warning from "swagger-ui-bundle.js", specifically that it is exposing a Private IP.
When we looked, it was the build machine IP that was on the file, I believe caused by this line.
Expected behavior
No private information should be output. Personally, I can't think of any reason for the build machine name/ip to be part of the output bundle!
Additional context or thoughts
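As an added example, not part of the original issue or the swagger-ui code base: a post-build check that looks for RFC 1918 private IPv4 addresses in bundle text, the kind of leak the ZAP warning above describes. The function names and the sample fragment are constructed for illustration.

```javascript
// Added example (not swagger-ui code): find RFC 1918 private IPv4 addresses
// in built bundle text, as a post-build check.

// Four dotted decimal groups that are not part of a longer dotted number
// (such as a version string "3.10.0.1.2") or a longer digit run.
const IPV4_CANDIDATE =
  /(?<![\d.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?!\d|\.\d)/g;

function isPrivateIpv4(octets) {
  if (octets.some((o) => o > 255)) return false; // not a valid address
  const [a, b] = octets;
  return (
    a === 10 ||                          // 10.0.0.0/8
    (a === 172 && b >= 16 && b <= 31) || // 172.16.0.0/12
    (a === 192 && b === 168)             // 192.168.0.0/16
  );
}

// Returns [{ ip, offset, context }] for every private address in `text`.
function findPrivateIps(text, contextChars = 20) {
  const hits = [];
  for (const m of text.matchAll(IPV4_CANDIDATE)) {
    const octets = m.slice(1, 5).map(Number);
    if (!isPrivateIpv4(octets)) continue;
    hits.push({
      ip: m[0],
      offset: m.index,
      context: text.slice(Math.max(0, m.index - contextChars),
                          m.index + m[0].length + contextChars),
    });
  }
  return hits;
}

// Constructed sample, not real swagger-ui output: a minified fragment with a
// build host address baked in, next to values that must not be flagged.
const SAMPLE_BUNDLE =
  'var e={version:"3.10.0.1.2",HOSTNAME:"10.20.30.40"},' +
  't="8.8.8.8",n="172.32.0.1",r="192.168.1.300",i="172.16.5.9";';

for (const hit of findPrivateIps(SAMPLE_BUNDLE)) {
  console.log(`private IP ${hit.ip} at offset ${hit.offset}: ...${hit.context}...`);
}
```

Pass it the contents of the built file (for example `swagger-ui-bundle.js`) and fail the build when the returned list is non-empty.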