mountebank 1.5.0-beta.1086 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the mountebank package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Cross-site Request Forgery (CSRF) mountebank is an Over the wire test doubles Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). `CORS` was enabled for all origins, which allows a malicious site to potentially execute remote code through JavaScript injection. How to fix Cross-site Request Forgery (CSRF)? Upgrade `mountebank` to version 2.3.3 or higher.	<2.3.3
H Resource Exhaustion mountebank is an Over the wire test doubles Affected versions of this package are vulnerable to Resource Exhaustion. IP whitelisting CLI parameters (`--localOnly` and `--ipWhiteList`) were not killing the server end of the socket. In practice, this meant that even though the client connection was killed, the server operation (e.g. creating an imposter) would still succeed. This release ensures that both ends of the socket are immediately closed if the connection originates from an invalid IP address. How to fix Resource Exhaustion? Upgrade `mountebank` to version 2.3.1 or higher.	<2.3.1
M Directory Traversal mountebank is an Over the wire test doubles Affected versions of this package are vulnerable to Directory Traversal via the URL. How to fix Directory Traversal? Upgrade `mountebank` to version 2.3.2 or higher.	<2.3.2

Vulnerability

Vulnerable Version

Cross-site Request Forgery (CSRF)

mountebank is an Over the wire test doubles

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). CORS was enabled for all origins, which allows a malicious site to potentially execute remote code through JavaScript injection.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade mountebank to version 2.3.3 or higher.

<2.3.3

Resource Exhaustion

mountebank is an Over the wire test doubles

Affected versions of this package are vulnerable to Resource Exhaustion. IP whitelisting CLI parameters (--localOnly and --ipWhiteList) were not killing the server end of the socket. In practice, this meant that even though the client connection was killed, the server operation (e.g. creating an imposter) would still succeed. This release ensures that both ends of the socket are immediately closed if the connection originates from an invalid IP address.

How to fix Resource Exhaustion?

Upgrade mountebank to version 2.3.1 or higher.

<2.3.1

Directory Traversal

mountebank is an Over the wire test doubles

Affected versions of this package are vulnerable to Directory Traversal via the URL.

How to fix Directory Traversal?

Upgrade mountebank to version 2.3.2 or higher.

<2.3.2

mountebank@1.5.0-beta.1086 vulnerabilities

Over the wire test doubles

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically