CVE-2024-45388: Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
This issue may lead to Information Disclosure.
References
- codeql.github.com/codeql-query-help/go/go-path-injection
- github.com/SpectoLabs/hoverfly
- github.com/SpectoLabs/hoverfly/releases/tag/v1.10.3
- github.com/SpectoLabs/hoverfly/security/advisories/GHSA-6xx4-x46f-f897
- github.com/advisories/GHSA-6xx4-x46f-f897
- github.com/spectolabs/hoverfly/blob/15d6ee9ea4e0de67aec5a41c28d21dc147243da0/core/handlers/v2/simulation_handler.go
- nvd.nist.gov/vuln/detail/CVE-2024-45388
Code Behaviors & Features
Detect and mitigate CVE-2024-45388 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →