mountebank@1.6.0-beta.1093 vulnerabilities

Over the wire test doubles

  • latest version

    2.9.1

  • latest non vulnerable version

  • first published

    11 years ago

  • latest version published

    1 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the mountebank package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Cross-site Request Forgery (CSRF)

    mountebank is an Over the wire test doubles

    Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). CORS was enabled for all origins, which allows a malicious site to potentially execute remote code through JavaScript injection.

    How to fix Cross-site Request Forgery (CSRF)?

    Upgrade mountebank to version 2.3.3 or higher.

    <2.3.3
    • H
    Resource Exhaustion

    mountebank is an Over the wire test doubles

    Affected versions of this package are vulnerable to Resource Exhaustion. IP whitelisting CLI parameters (--localOnly and --ipWhiteList) were not killing the server end of the socket. In practice, this meant that even though the client connection was killed, the server operation (e.g. creating an imposter) would still succeed. This release ensures that both ends of the socket are immediately closed if the connection originates from an invalid IP address.

    How to fix Resource Exhaustion?

    Upgrade mountebank to version 2.3.1 or higher.

    <2.3.1
    • M
    Directory Traversal

    mountebank is an Over the wire test doubles

    Affected versions of this package are vulnerable to Directory Traversal via the URL.

    How to fix Directory Traversal?

    Upgrade mountebank to version 2.3.2 or higher.

    <2.3.2