hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to takeover their account. This issue has been patched in version 2026.3.0.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XHoppscotch
APPHoppscotch< 2026.3.0
Powiązane podatności
Hoppscotch is an API development ecosystem. In self-hosted deployments of hoppscotch-backend from version 2026...
Hoppscotch — Auth Bypass umożliwia przejęcie konfiguracji instancji
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulne...
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read...
hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is...