CVE-2024-22207 | MEDIUM | PoC | ≥ 2.0.0, < 2.1.0 | 2024-01-16
CVE-2024-22207 [MEDIUM] CWE-1188 Default swagger-ui configuration exposes all files in the module
### Impact
With the default configuration of `@fastify/swagger-ui`, where `baseDir` is not set, all files in the module's directory are exposed via HTTP routes served by the module.
### Patches
Update to v2.1.0
### Workarounds
Use the `baseDir` option
### References
[HackerOne report](https://hackerone.com/reports/2312369).