3 matches found
com.github.bibsysdev:nva-datamodel-testutils (>=0.20.41 <=0.20.82), com.github.bibsysdev:nvatestutils (>=1.32.0 <=1.36.15) +3 more potentially affected by CVE-2023-41329 via org.wiremock:wiremock (>=3.0.0 <=3.0.2)
org.wiremock:wiremock MAVEN version =3.0.0, =0.20.41, =1.32.0, =0.6.0, =2.4.5, =2.5.4 Source cves: CVE-2023-41329 Source advisory: OSV:GHSA-PMXQ-PJ47-J8J4...
CVE-2023-41329 Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio
WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a ca...
CVE-2023-41329
CVE-2023-41329 concerns WireMock’s proxy mode, where domain-name based restrictions are vulnerable to DNS rebinding. The root cause is a race condition: if a DNS server’s address expires between initial validation and the outbound request, an otherwise prohibited domain could be accessed. This re...