Security vulnerability detected in APInf API management platform

Security vulnerability has been detected. This affects all APInf instances. This affects mostly the SaaS site This also affects 3rd party installations which are not under APInf control.

Instances (except which are managed by APInf have been secured. Securing has been done so that adding a new API and Organisation has been temporarily prevented. Under current understanding the vulnerability is not exploitable, unless users with administrator role take certain actions.

Vulnerability allows attacker execute JavaScript code.

PR fixes the vulnerability. We will do a release and deploy a fix release to soon. After that we start updating other instances.

If you would like to receive updates via email, please use this form to subscribe:

We apologize for potential problems caused by the vulnerability.

This vulnerability was reported to us by Hammad.