77 matches found
CVE-2023-50069
WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...
Cross site scripting
WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...
PT-2023-31465
Name of the Vulnerable Software and Affected Versions WireMock with GUI versions 3.0.4.0 through 3.2.0.0 Description The issue concerns stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's...
CVE-2023-50069
CVE-2023-50069 affects WireMock with GUI versions 3.0.4.0–3.2.0.0. The issue is stored cross-site scripting (SXSS) through the recording feature, allowing an attacker to host a malicious payload and have it render on the Matched page Body area due to lack of validation/sanitization of the respons...
CVE-2023-50069
WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...
WireMock 安全漏洞
WireMock is WireMock open source a popular API simulation test open source tool . WireMock cross-site scripting vulnerability , the vulnerability stems from the logging function of the user-supplied data lack of effective filtering and escaping , an attacker can exploit the vulnerability by...
CVE-2023-50069
WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...
The vulnerability of the WireMock software for creating virtual HTTP services relates to bypassing authentication through spoofing, allowing attackers to circumvent established access controls.
The vulnerability of the WireMock software for creating virtual HTTP services relates to the bypassing of authentication mechanisms through spoofing techniques. Exploiting this vulnerability allows a malicious actor to circumvent established access controls...
The vulnerability of the WireMock software for creating virtual HTTP services lies in its insufficient checking of incoming requests. This allows attackers to redirect POST requests to arbitrary servers.
The vulnerability of the WireMock software for creating virtual HTTP services is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to redirect POST requests to arbitrary servers...
com.github.bibsysdev:nva-datamodel-testutils (>=0.20.41 <=0.20.82), com.github.bibsysdev:nvatestutils (>=1.32.0 <=1.36.15) +3 more potentially affected by CVE-2023-41329 via org.wiremock:wiremock (>=3.0.0 <=3.0.2)
org.wiremock:wiremock MAVEN version =3.0.0, =0.20.41, =1.32.0, =0.6.0, =2.4.5, =2.5.4 Source cves: CVE-2023-41329 Source advisory: OSV:GHSA-PMXQ-PJ47-J8J4...
co.bitshifted.appforge:syncro (>=1.0.0 <=1.0.2), com.atlassian.oai:swagger-request-validator-examples (>=2.26.0 <=2.39.0) +172 more potentially affected by CVE-2023-41329 via com.github.tomakehurst:wiremock-jre8 (>=2.21.0 <=2.35.0)
com.github.tomakehurst:wiremock-jre8 MAVEN version =2.21.0, =1.0.0, =2.26.0, =2.26.0, =2.30.0, =0.0.5, =0.19.3, =1.25.2, =0.1.0, =1.0, =1.0, =1.5.1 and more Source cves: CVE-2023-41329 Source advisory: OSV:GHSA-PMXQ-PJ47-J8J4...
ch.admin.bit.jeap:jeap-spring-boot-security-starter-it (>=17.16.0 <=17.24.1), ch.mobi.mobitor:mobitor-plugins-test (>=3.1.171 <=3.1.485) +50 more potentially affected by CVE-2023-41329 via com.github.tomakehurst:wiremock-jre8-standalone (>=2.23.2 <=2.35.0)
com.github.tomakehurst:wiremock-jre8-standalone MAVEN version =2.23.2, =17.16.0, =3.1.171, =1.0.7, =1.13.3, =1.0.0, =2.4.4, =6.7.7, =8.1.0, =6.7.7, =9.0.1, =8.5.0, =9.1.18 - de.muenchen.oss.digiwf:digiwf-coverage =1.3.0 and more Source cves: CVE-2023-41329 Source advisory: OSV:GHSA-PMXQ-PJ47-J8J4...
GHSA-PMXQ-PJ47-J8J4 Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Impact The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to t...
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Impact The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to t...
Server Side Request Forgery (SSRF)
WireMock is vulnerable to Server Side Request Forgery SSRF. The vulnerability is caused by a failure in filtering target addresses during Webhook proxing even when the allowed address rules and denied address rules are configured, regardless of the limitProxyTargets settings. This can lead to...
CVE-2023-41329
WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a ca...
CVE-2023-41327
WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...
CVE-2023-39967
WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via...
Race condition
WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a ca...
Design/Logic Flaw
WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...