YAML schema injection risk in Swagger UI via schema_url parameter at developers.cloudflare.com
Team Summary
Official summary from Cloudflare Public Bug Bounty
Cloudflare relies on Swagger to present API Docs within our Developer Documentation. Swagger incorporates a feature known as "schema_url," which permits the rendering of a YAML schema from a remote URL. However, a security issue was identified in our Swagger implementation due to the absence of validation against an allowed URL list. This vulnerability could be exploited by an attacker who crafts a URL to load a schema from a remote URL they control. The attacker could then share this URL with a potential victim. To exploit this vulnerability, the victim would need to manually copy the request examples from the API docs and send them directly, which could expose them to a phishing attack. Despite the potential risk, the likelihood of successful exploitation remains very low.
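The missing control the summary describes is an allowlist check on the `schema_url` value before it is handed to Swagger UI. The following is an added example of such a check, not Cloudflare's or Swagger UI's own code; the allowed origin, the schema path prefix and the default document are constructed placeholders.

```javascript
// Added example (not Cloudflare's or Swagger UI's code): validate a
// user-supplied schema_url against an allowlist before rendering it.
const ALLOWED_SCHEMA_ORIGINS = ["https://docs.example.com"]; // constructed placeholder
const ALLOWED_SCHEMA_PATH_PREFIX = "/schemas/"; // constructed placeholder

function isAllowedSchemaUrl(candidate, allowedOrigins = ALLOWED_SCHEMA_ORIGINS) {
  let url;
  try {
    // Resolve against the docs origin so relative paths and "../" segments
    // are normalised by the URL parser rather than compared as raw strings.
    url = new URL(candidate, allowedOrigins[0]);
  } catch {
    return false; // unparseable input is never rendered
  }
  // Only https, and no embedded credentials (user:pass@host), which can
  // make a hostile host look like the trusted one in the address bar.
  if (url.protocol !== "https:" || url.username || url.password) return false;
  // Exact origin match (scheme + host + port), never a substring or prefix
  // test, so "docs.example.com.attacker.tld" does not pass.
  if (!allowedOrigins.includes(url.origin)) return false;
  // Restrict to the schema directory and to YAML/JSON documents.
  if (!url.pathname.startsWith(ALLOWED_SCHEMA_PATH_PREFIX)) return false;
  if (!/\.(ya?ml|json)$/i.test(url.pathname)) return false;
  return true;
}

// Choose the schema to render: the allowlisted request, else a safe default.
function resolveSchemaUrl(queryString, defaultUrl = "https://docs.example.com/schemas/api.yaml") {
  const requested = new URLSearchParams(queryString).get("schema_url");
  if (requested !== null && isAllowedSchemaUrl(requested)) return requested;
  return defaultUrl; // constructed placeholder default document
}

// Hypothetical wiring in the docs page (Swagger UI's `url` option is real;
// the call site is assumed): SwaggerUIBundle({ url: resolveSchemaUrl(location.search) })
```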
Report Details
Additional information and metadata
State
Closed
Substate
Informative
Submitted
Weakness
Resource Injection