Spectolabs Hoverfly vulnerabilities
3 known vulnerabilities affecting spectolabs/hoverfly.
Total CVEs: 3
CISA KEV: 0
Public exploits: 2
Exploited in wild: 2
Severity breakdown: CRITICAL 1, HIGH 2
Vulnerabilities
CVE-2024-45388 | P1 | HIGH | CVSS 7.5 | Exploited | PoC | fixed in 1.10.3 | 2024-09-02
CVE-2024-45388 [HIGH] CWE-200
Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The `/api/v2/simulation` POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. Note that, although the
Source: nvd
CVE-2025-54123 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | affects ≤ 1.11.3 | 2025-09-10
CVE-2025-54123 [CRITICAL] CWE-20
Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection at the `/api/v2/hoverfly/middleware` endpoint due to insufficient validation and sanitization of user input. The vulnerability exists in the middleware management API endpoint `/api/v2/h
Source: nvd
CVE-2025-54376 | P3 | HIGH | CVSS 7.5 | fixed in 1.12.0 | 2025-09-10
CVE-2025-54376 [HIGH] CWE-200
Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly's admin WebSocket endpoint `/api/v2/ws/logs` is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time application logs (information disclosure) and/or gain insight into
Source: nvd