Browse all 3 CVE security advisories affecting wiremock. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WireMock serves as a mock server for API testing and development, simulating HTTP responses to facilitate testing without live dependencies. Historically, it has been susceptible to remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from improper input validation and insecure deserialization. Notable security characteristics include its Java-based architecture, which has been impacted by CVEs like CVE-2022-4514 (RCE via recorders) and CVE-2023-34455 (XSS in web console). These vulnerabilities highlight risks in handling untrusted input and web interface exposures. While no major public incidents have been widely reported, the CVEs demonstrate potential for server compromise and data exfiltration if unpatched, emphasizing the need for secure configuration and timely updates.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-39967 | Full read and controlled SSRF through URL parameter when testing a request inside wiremock-studio — wiremockCWE-918 | 10.0 | Critical | 2023-09-06 |
| CVE-2023-41327 | Controlled SSRF through URL in the WireMock — wiremockCWE-918 | 4.6 | Medium | 2023-09-06 |
| CVE-2023-41329 | Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio — wiremockCWE-290 | 3.9 | Low | 2023-09-06 |
This page lists every published CVE security advisory associated with wiremock. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.