mountebank@1.4.3-beta.1050 vulnerabilities

Over the wire test doubles

Direct Vulnerabilities

Known vulnerabilities in the mountebank package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Cross-site Request Forgery (CSRF)

mountebank is an Over the wire test doubles

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). CORS was enabled for all origins, which allows a malicious site to potentially execute remote code through JavaScript injection.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade mountebank to version 2.3.3 or higher.

<2.3.3
  • H
Resource Exhaustion

mountebank is an Over the wire test doubles

Affected versions of this package are vulnerable to Resource Exhaustion. IP whitelisting CLI parameters (--localOnly and --ipWhiteList) were not killing the server end of the socket. In practice, this meant that even though the client connection was killed, the server operation (e.g. creating an imposter) would still succeed. This release ensures that both ends of the socket are immediately closed if the connection originates from an invalid IP address.

How to fix Resource Exhaustion?

Upgrade mountebank to version 2.3.1 or higher.

<2.3.1
  • M
Directory Traversal

mountebank is an Over the wire test doubles

Affected versions of this package are vulnerable to Directory Traversal via the URL.

How to fix Directory Traversal?

Upgrade mountebank to version 2.3.2 or higher.

<2.3.2