Lucene search

Veracode Vulnerability DatabaseVERACODE:43197

HistorySep 08, 2023 - 10:29 a.m.

Race Condition

2023-09-0810:29:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

race condition

render function

dns server vulnerability

prohibited domains

software

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.8%

JSON

wiremock is vulnerable toa Race Condition. The vulnerability is due to the render function when DNS server’s address expire between initial validation and an outbound network request, potentially leading to unintended access to prohibited domains.

CPENameOperatorVersion
wiremockle3.0.2
wiremockle3.0.2
wiremockle2.35.0
wiremockle3.0.1
wiremockle2.35.0
wiremockle3.0.1
wiremockle2.6.0
wiremockle3.0.2
wiremockle3.0.2
wiremockle2.35.0

Name	Operator	Version
wiremock	le	3.0.2
wiremock	le	3.0.2
wiremock	le	2.35.0
wiremock	le	3.0.1
wiremock	le	2.35.0
wiremock	le	3.0.1
wiremock	le	2.6.0
wiremock	le	3.0.2
wiremock	le	3.0.2
wiremock	le	2.35.0

Rows per page:

1-10 of 141

References

github.com/wiremock/wiremock/commit/027ddafc38a1048d6bd64d896b07ee35b0268894

github.com/wiremock/wiremock/security/advisories/GHSA-pmxq-pj47-j8j4

wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.8%

JSON

Related for VERACODE:43197