An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HWiremock
APPWiremock< 2.16.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth BypassDoSXXE
CWE
Powiązane podatności
CVE-2023-50069MEDIUM6.1ten sam produkt
WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) throug...
CVE-2023-41327MEDIUM4.6ten sam produkt
WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefor...
CVE-2018-9117MEDIUM5.3ten sam produkt
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local ...
CVE-2023-41329LOW3.9ten sam produkt
WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network rest...
CVE-2023-39967CRITICAL10.0ten sam vendor
WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in Wir...