Vulnerability	Vulnerable Version
H Cross-site Request Forgery (CSRF) mountebank is an Over the wire test doubles Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). `CORS` was enabled for all origins, which allows a malicious site to potentially execute remote code through JavaScript injection. How to fix Cross-site Request Forgery (CSRF)? Upgrade `mountebank` to version 2.3.3 or higher.	<2.3.3
H Resource Exhaustion mountebank is an Over the wire test doubles Affected versions of this package are vulnerable to Resource Exhaustion. IP whitelisting CLI parameters (`--localOnly` and `--ipWhiteList`) were not killing the server end of the socket. In practice, this meant that even though the client connection was killed, the server operation (e.g. creating an imposter) would still succeed. This release ensures that both ends of the socket are immediately closed if the connection originates from an invalid IP address. How to fix Resource Exhaustion? Upgrade `mountebank` to version 2.3.1 or higher.	<2.3.1
M Directory Traversal mountebank is an Over the wire test doubles Affected versions of this package are vulnerable to Directory Traversal via the URL. How to fix Directory Traversal? Upgrade `mountebank` to version 2.3.2 or higher.	<2.3.2

Go back to all versions of this package