Lucene search
+L

7 matches found

nuclei
nuclei
added 6 hours ago173 views

Hoverfly < 1.10.3 - Arbitrary File Read

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...

7.5CVSS6.2AI score0.55864EPSS
Exploits3References2
redhatcve
redhatcve
added 2025/02/05 3:29 a.m.10 views

CVE-2024-45388

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...

7.5CVSS7.2AI score0.55864EPSS
Exploits3References1
nvd
nvd
added 2024/09/02 6:15 p.m.38 views

CVE-2024-45388

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...

7.5CVSS0.55864EPSS
Exploits3References4
vulnrichment
vulnrichment
added 2024/09/02 4:7 p.m.20 views

CVE-2024-45388 Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`)

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...

7.5CVSS6.8AI score0.55864EPSS
Exploits3References4
cvelist
cvelist
added 2024/09/02 4:7 p.m.40 views

CVE-2024-45388 Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`)

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...

7.5CVSS0.55864EPSS
Exploits3References4
osv
osv
added 2024/09/02 4:7 p.m.12 views

CVE-2024-45388 Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`)

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...

7.5CVSS6.7AI score0.55864EPSS
Exploits3References6
cve
cve
added 2024/09/02 4:7 p.m.124 views

CVE-2024-45388

Hoverfly (Git SpectoLabs) contains a path traversal vulnerability in the /api/v2/simulation POST handler that lets unauthenticated attackers read arbitrary files from the server by supplying a specially crafted bodyFile parameter (e.g., ../../../../etc/passwd). The implementation attempts to join...

7.5CVSS7.2AI score0.55864EPSS
In wildExploits3References4Affected Software1
Rows per page
Query Builder