
12 matches found

OSV
added 2023/09/08 12:19 p.m. | 1 view

GHSA-PMXQ-PJ47-J8J4 Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes

Impact: The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to t...

CVSS 3.9 | AI score 6 | EPSS 0.00493
Exploits 0 | References 4
Prion
added 2023/09/06 9:15 p.m. | 9 views

Design/Logic Flaw

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

CVSS 4.8 | AI score 5.7 | EPSS 0.00219
Exploits 0 | References 3 | Affected Software 2
OSV
added 2023/09/06 8:51 p.m. | 37 views

GHSA-HQ8W-9W8W-PMX7 WireMock Controlled Server Side Request Forgery vulnerability through URL

Impact: WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Documentation. Until WireMock Webhooks Extension 3.0.0-beta-1...

CVSS 4.6 | AI score 5.8 | EPSS 0.00219
Exploits 0 | References 7
Github Security Blog
added 2023/09/06 8:51 p.m. | 24 views

WireMock Controlled Server Side Request Forgery vulnerability through URL

Impact: WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Documentation. Until WireMock Webhooks Extension 3.0.0-beta-1...

CVSS 5.4 | AI score 6.6 | EPSS 0.00219
Exploits 0 | References 7 | Affected Software 1
OSV
added 2023/09/06 8:40 p.m. | 1 view

CVE-2023-39967 Full read and controlled SSRF through URL parameter when testing a request inside wiremock-studio

WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock's instance. There are 3 identified potential attack vectors: via...

CVSS 10 | AI score 6.9 | EPSS 0.0089
Exploits 1 | References 3
Cvelist
added 2023/09/06 8:40 p.m. | 16 views

CVE-2023-39967 Full read and controlled SSRF through URL parameter when testing a request inside wiremock-studio

WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock's instance. There are 3 identified potential attack vectors: via...

CVSS 10 | AI score 9.7 | EPSS 0.0089
Exploits 1 | References 1
Vulnrichment
added 2023/09/06 8:40 p.m. | 9 views

CVE-2023-39967 Full read and controlled SSRF through URL parameter when testing a request inside wiremock-studio

WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock's instance. There are 3 identified potential attack vectors: via...

CVSS 10 | AI score 7 | EPSS 0.0089
Exploits 1 | References 1
CVE
added 2023/09/06 8:38 p.m. | 2516 views

CVE-2023-41327

CVE-2023-41327: WireMock Webhooks could forward webhook POSTs to arbitrary targets due to improper filtering of proxy targets prior to versions 2.35.1 and 3.0.3. Affected: WireMock (2.x up to 2.35.1, 3.x up to 3.0.3) and WireMock Studio (discontinued). Root cause: Webhook configuration allowed re...

CVSS 5.4 | AI score 5.4 | EPSS 0.00219
Exploits 0 | References 3 | Affected Software 2
Vulnrichment
added 2023/09/06 8:38 p.m. | 15 views

CVE-2023-41327 Controlled SSRF through URL in the WireMock

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

CVSS 4.6 | AI score 7 | EPSS 0.00219
Exploits 0 | References 3
Cvelist
added 2023/09/06 8:34 p.m. | 8 views

CVE-2023-41329 Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio

WireMock is a tool for mocking HTTP services. The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a ca...

CVSS 3.9 | AI score 6.7 | EPSS 0.00493
Exploits 0 | References 2
Positive Technologies
added 2023/09/06 12:0 a.m. | 3 views

PT-2023-6522

Name of the Vulnerable Software and Affected Versions: WireMock versions prior to 2.35.1; WireMock versions prior to 3.0.3; Python WireMock versions prior to 2.6.1; WireMock Studio all versions. Description: The issue is related to the proxy mode of WireMock, which can be protected by network...

CVSS 6.8 | AI score 6.8 | EPSS 0.00493
Exploits 0 | References 11
Positive Technologies
added 2023/09/06 12:0 a.m. | 2 views

PT-2023-27179 · Unknown · Wiremock Studio

Name of the Vulnerable Software and Affected Versions: WireMock Studio affected versions not specified Description: WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an...

CVSS 10 | AI score 9.2 | EPSS 0.0089
Exploits 1 | References 5