Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Content spoofing - real Hoppscotch emails
Vulnerability Description
Hoppscotch is an API development ecosystem. Due to lack of validation for fields like Label (Edit Team) - TeamName, bad actors can send emails with Spoofed Content as Hoppscotch. Part of payload (external link) is presented in clickable form - easier to achieve own goals by malicious actors. This issue is fixed in 2023.12.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Hoppscotch 安全漏洞
Vulnerability Description
Hoppscotch是一个开源 Api 开发生态系统。 Hoppscotch 2023.12.5及之前版本存在安全漏洞,该漏洞源缺乏对Label(Edit Team)-TeamName等字段的验证,导致攻击者可以将带有欺骗性内容的电子邮件作为Hoppscotch。
CVSS Information
N/A
Vulnerability Type
N/A