BIT-WIREMOCK-2023-41329 Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio

WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a ca...

BIT-WIREMOCK-2023-41327 Controlled SSRF through URL in the WireMock

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

BIT-WIREMOCK-2023-50069

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...

PT-2026-32445

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...

EUVD-2018-20717

Malware in sbrugna...

EUVD-2018-20716

Malware in sbrugna...

EUVD-2023-2564

Malicious code in bioql PyPI...

EUVD-2023-43661

Malicious code in bioql PyPI...

EUVD-2023-2527

Malicious code in bioql PyPI...

CVE-2023-50069

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...

CVE-2023-41329

WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a ca...

CVE-2023-41327

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

CVE-2023-39967

WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via...

A Bootiful Podcast: Wiremock's leaders Lee Turner and Tom Akehurst

Hi, Spring fans! In this installment we talk to Wiremock's leaders Lee Turner and Tom Akehurst...

This Week in Spring - October 15th, 2024

Hi, Spring fans! Welcome to another rip-roaring and ever-so-riveting installment of This Week in Spring! I'm in Amsterdam, at the moment, rounding out a week between Antwerp, Beglium, and Amsterdam, the Netherlands. Today I'm off to Dubai for the fantastic GITEX/DevSlam event. Then I return back ...

This Week in Spring - April 16th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from beautiful Paris, France, ahead of the amazing Devoxx France event. I've come to almost all of these events over the years. It's hard to believe it's been more than a decade since the show was first...

This Week in Spring - April 9th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Las Vegas, NV, at the moment, preparing for my part in the huuuuuge Google Cloud Next keynote. I'm so excited! And then it's off to the amazing and glorious Devnexus event! If you're at either event, please say Hi!. Fu...

This Week in Spring - January 16th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 16th of January already! We're closer to February than not! I can hardly believe it. As always, we've got a lot to cover so let's dive right into it. the Spring Authorization Server 1.3.0-m1 is now available this is...

WireMock Cross-Site Scripting Vulnerability

WireMock is WireMock open source a popular API simulation test open source tool . WireMock cross-site scripting vulnerability , the vulnerability stems from the logging function of the user-supplied data lack of effective filtering and escaping , an attacker can exploit the vulnerability by...

CVE-2023-50069

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...