thiagobustamante / typescript-rest

This is a lightweight annotation-based expressjs extension for typescript.

swagger-ui-dist dependency with vulnerability at version 3.38.0

thaiscpaz opened this issue · comments

Good to know:

  • Method of installation: npm
  • typescript-rest@3.0.2
    └─┬ swagger-ui-express@4.1.6
      └── swagger-ui-dist@3.38.0

Description

While running an application through a CI pipeline, a step that runs the dependency vulnerability check raised the following issue:

Filename: swagger-ui-dist:3.38.0 | Highest CVSS Score: 6.1 | Amount of CVSS: 1 | References: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (6.1)

CWE-79 description

To reproduce

Run the dependency-check CLI vulnerability tool in any project that has swagger-ui-dist as a dependency:
$ dependency-check --scan <path to project>

Expected behavior

No vulnerabilities reported.
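
Added example (not part of the original issue or of typescript-rest): when a scanner flags a transitive package such as swagger-ui-dist, this walks the `packages` map of a package-lock.json (lockfileVersion 2 or 3) and reports the shortest dependency chain to each installed copy. `sampleLock` is constructed from the versions in the report; the `my-api` root and the `*` ranges are assumptions.

```javascript
// Package name = text after the last "node_modules/" in a lockfile key.
function nameOf(key) {
  return key.slice(key.lastIndexOf('node_modules/') + 'node_modules/'.length);
}

// Node-style lookup: the requirer's own node_modules first, then each parent's.
function resolve(packages, fromKey, dep) {
  for (let base = fromKey; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + dep;
    if (packages[candidate]) return candidate;
    if (base === '') return null; // declared but not installed
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Breadth-first walk from the project root; returns the shortest chain
// leading to each installed copy of `target`.
function findChains(lock, target) {
  const packages = lock.packages;
  const label = (k) => `${nameOf(k)}@${packages[k].version}`;
  const parent = new Map([['', null]]);
  const queue = [''];
  const chains = [];
  while (queue.length) {
    const key = queue.shift();
    const pkg = packages[key];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(key === '' ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const child = resolve(packages, key, dep);
      if (!child || parent.has(child)) continue; // missing or already reached
      parent.set(child, key);
      if (dep !== target) { queue.push(child); continue; }
      const chain = [];
      for (let k = child; k !== ''; k = parent.get(k)) chain.unshift(label(k));
      chains.push(chain.join(' > '));
    }
  }
  return chains;
}
// Constructed lockfile: versions are from the report; ranges and root are made up.
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'my-api', version: '1.0.0', dependencies: { 'typescript-rest': '*' } },
  'node_modules/typescript-rest': { version: '3.0.2', dependencies: { 'swagger-ui-express': '*' } },
  'node_modules/swagger-ui-express': { version: '4.1.6', dependencies: { 'swagger-ui-dist': '*' } },
  'node_modules/swagger-ui-dist': { version: '3.38.0' },
} };
console.log(findChains(sampleLock, 'swagger-ui-dist'));
```

On a real project, pass the parsed contents of package-lock.json as `lock`; the first element of each chain is the direct dependency whose upgrade or override would change the flagged copy.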