Security vulnerability detected in APInf API management platform

Ilari Mikkonen
1 min read · Oct 29, 2018


A security vulnerability has been detected. It affects all APInf instances, most significantly the SaaS site apinf.io, and also third-party installations that are not under APInf's control.

Instances managed by APInf (except apinf.io) have been secured by temporarily preventing the addition of new APIs and Organisations. Under our current understanding, the vulnerability is not exploitable unless users with the administrator role take certain actions.

The vulnerability allows an attacker to execute JavaScript code.
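The advisory describes the class of the problem (attacker-controlled JavaScript executing in other users' browsers) but not its exact location. The block below is an added illustration, not APInf project code and not the content of the fix PR; it assumes, based on the mitigation described above, that the untrusted input is text such as an API or Organisation name, and it shows the defensive pattern that prevents such input from reaching the page as markup: contextual HTML escaping of every user-supplied field at render time. The record fields, sample values and function names are all constructed for this example.

```javascript
// Added illustration (not APInf project code): output encoding for
// user-supplied fields (assumed here to be API / Organisation names and
// descriptions) before they are rendered into HTML.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape the five characters that can change HTML structure or break out of
// a quoted attribute value. This is sufficient for element text and for
// double-quoted attribute contexts; URL and JavaScript contexts need their
// own encoders and should not be fed from untrusted text at all.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened rendering: every untrusted field passes through escapeHtml, so
// markup submitted as a name is shown literally instead of being executed.
function renderOrganisationCard(org) {
  return (
    `<div class="org-card" data-org-id="${escapeHtml(org.id)}">` +
    `<h3>${escapeHtml(org.name)}</h3>` +
    `<p>${escapeHtml(org.description)}</p>` +
    `</div>`
  );
}

// Vulnerable counterpart kept only for comparison: the same template with
// raw string interpolation. A name containing a <script> tag becomes live
// markup in the page of every user who views the card.
function renderOrganisationCardUnsafe(org) {
  return (
    `<div class="org-card" data-org-id="${org.id}">` +
    `<h3>${org.name}</h3>` +
    `<p>${org.description}</p>` +
    `</div>`
  );
}

// Regression check a test suite can run over rendered views: flags script
// elements, javascript: URLs and inline event-handler attributes that
// survived into the output.
function containsActiveMarkup(html) {
  return /<script\b|javascript:|\son\w+\s*=/i.test(html);
}

// Constructed sample record; the name carries a typical XSS probe string.
const sampleOrg = {
  id: 'org-123',
  name: 'Acme <script>alert(1)</script>',
  description: 'Data provider "quoted" & <b>bold</b>',
};

console.log('safe  :', renderOrganisationCard(sampleOrg));
console.log('unsafe:', renderOrganisationCardUnsafe(sampleOrg));
console.log('safe output contains active markup:',
  containsActiveMarkup(renderOrganisationCard(sampleOrg)));
```

The important design point is that escaping happens at the render boundary, for the specific output context, rather than by filtering input on the way into the database: stored names are then safe to display anywhere the same encoder is applied, and a later template cannot reintroduce the bug by trusting "already cleaned" data.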

PR https://github.com/apinf/platform/pull/3603 fixes the vulnerability. We will make a release and deploy the fix to apinf.io soon; after that we will start updating the other instances.

If you would like to receive updates via email, please use this form to subscribe: https://docs.google.com/forms/d/e/1FAIpQLSdlEHizR8rrqvyGi0QpncmcgR34j_ypwpIMXZPlA_u96dUGuw/viewform

We apologize for any problems caused by the vulnerability.

This vulnerability was reported to us by Hammad.
