PyPI: wiremock
CVE-2023-41329
Safety vulnerability ID: SFTY-20230906-27162
Safety legacy ID: pyup.io-61041
Wiremock 2.6.1 includes a fix for CVE-2023-41329: Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes. https://github.com/wiremock/wiremock/security/advisories/GHSA-pmxq-pj47-j8j4
Overview
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Advisory
Wiremock 2.6.1 includes a fix for CVE-2023-41329: Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes. https://github.com/wiremock/wiremock/security/advisories/GHSA-pmxq-pj47-j8j4
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20230906-27162/CVE-2023-41329
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41329
- https://github.com/wiremock/wiremock/security/advisories/GHSA-pmxq-pj47-j8j4
- https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses
- https://github.com/wiremock/wiremock/security/advisories/GHSA-pmxq-pj47-j8j4
- https://nvd.nist.gov/vuln/detail/CVE-2023-41329
- https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses
- https://github.com/advisories/GHSA-pmxq-pj47-j8j4
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
Learn more