Wiremock Studio vulnerabilities
3 known vulnerabilities affecting wiremock/studio.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-39967P2CRITICALCVSS 10.0≤ 2.32.0-172023-09-06
CVE-2023-39967 [CRITICAL] CWE-918 CVE-2023-39967: WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are u
WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode.
nvd
CVE-2023-41329P3MEDIUMCVSS 6.6≤ 2.32.0-172023-09-06
CVE-2023-41329 [MEDIUM] CWE-290 CVE-2023-41329: WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the ne
WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to the DNS rebindin
nvd
CVE-2023-41327P4MEDIUMCVSS 5.4≤ 2.32.0-172023-09-06
CVE-2023-41327 [MEDIUM] CWE-918 CVE-2023-41327: WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (an
WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first.
Until WireMock Webhooks Extension 3.0.0-beta-15, the filtering of target
nvd