Skip to main content

Wiremock

5 CVEs product

Monthly

CVE-2023-50069 MEDIUM POC This Month

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wiremock
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41329 LIB MEDIUM PATCH This Month

WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Python Authentication Bypass Docker Python Wiremock Studio +2
NVD GitHub
CVSS 3.1
6.6
EPSS
0.6%
CVE-2023-41327 Maven MEDIUM PATCH This Month

WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Docker Studio Wiremock
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2018-9117 MEDIUM This Month

WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Wiremock
NVD
CVSS 3.0
5.3
EPSS
2.7%
CVE-2018-9116 CRITICAL Act Now

An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Wiremock
NVD
CVSS 3.0
9.1
EPSS
2.0%
EPSS 0% CVSS 6.1
MEDIUM POC This Month

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wiremock
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM PATCH This Month

WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Python Authentication Bypass Docker +4
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Docker Studio +1
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM This Month

WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Wiremock
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Wiremock
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy