139 matches found
Hoverfly Authorization Issue Vulnerability
Hoverfly is a lightweight open-source API emulation tool from SpectoLabs. An authorization issue vulnerability exists in Hoverfly 1.11.3 and earlier versions that originates from an unprotected WebSocket endpoint and could lead to information disclosure...
Hoverfly Security Vulnerability
Hoverfly is a lightweight open-source API emulation tool from SpectoLabs. A security vulnerability exists in Hoverfly 1.11.3 and earlier versions that stems from command injection and could lead to remote code execution...
PT-2025-37088
Name of the Vulnerable Software and Affected Versions: Hoverfly versions 1.11.3 and prior. Description: Hoverfly is vulnerable to a command injection issue at the /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization of user input. This vulnerability stems from a...
PT-2025-37098
Name of the Vulnerable Software and Affected Versions: Hoverfly versions 1.11.3 and prior. Description: Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs lacks the authentication middleware present in the REST admin API. This allows an unauthenticated remote attacker to stream real-time...
CVE-2024-45388
Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
VulnCheck KEV: CVE-2024-45388
Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
Malicious code in jittery-chocolate-hoverfly (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9675 Malicious code in jittery-chocolate-hoverfly (npm)
--- -= Per source details. Do not edit below this line.=-...
GO-2024-3108 Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) in github.com/SpectoLabs/hoverfly
Hoverfly allows an arbitrary file read in the /api/v2/simulation endpoint GHSL-2023-274 in github.com/SpectoLabs/hoverfly...
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
Details: The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. go...
GHSA-6XX4-X46F-F897 Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
Details: The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. go...
Path Traversal
github.com/spectolabs/hoverfly is vulnerable to Path Traversal. The vulnerability is due to insufficient path sanitization in the /api/v2/simulation POST handler, allowing an attacker to escape the intended base directory and access arbitrary files on the server by manipulating file paths using ....
CVE-2024-45388
Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
CVE-2024-45388
Hoverfly (Git SpectoLabs) contains a path traversal vulnerability in the /api/v2/simulation POST handler that lets unauthenticated attackers read arbitrary files from the server by supplying a specially crafted bodyFile parameter (e.g., ../../../../etc/passwd). The implementation attempts to join...
CVE-2024-45388 Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`)
Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
CVE-2024-45388 Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`)
Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
CVE-2024-45388 Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`)
Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
Hoverfly Security Vulnerability
Hoverfly is a lightweight open-source API emulation tool from SpectoLabs. A security vulnerability exists in Hoverfly versions prior to v1.10.3. An attacker exploiting the vulnerability could read arbitrary files from the server...
Brute Force Attacks
github.com/spectolabs/hoverfly is susceptible to brute force attacks. The attacks are possible because it does not rate-limit login attempts. A malicious user has an unlimited number of attempts to brute-force the username and password...