3 matches found
CVE-2023-41327
CVE-2023-41327: WireMock Webhooks could forward webhook POSTs to arbitrary targets due to improper filtering of proxy targets prior to versions 2.35.1 and 3.0.3. Affected: WireMock (2.x up to 2.35.1, 3.x up to 3.0.3) and WireMock Studio (discontinued). Root cause: Webhook configuration allowed re...
CVE-2023-41329
CVE-2023-41329 concerns WireMock’s proxy mode, where domain-name based restrictions are vulnerable to DNS rebinding. The root cause is a race condition: if a DNS server’s address expires between initial validation and the outbound request, an otherwise prohibited domain could be accessed. This re...
CVE-2023-39967
CVE-2023-39967 affects WireMock Studio and related components, causing potential SSRF via URL parameters in requests configured in WireMock Studio, Webhooks, and proxy modes. Root cause: misrouting of requests to arbitrary internal services reachable from the WireMock instance. The publ...