Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hoverfly's WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled.
Vulnerability Description
Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time application logs (information disclosure) and/or gain insight into internal file paths, request/response bodies, and other potentially sensitive data emitted in logs. Version 1.12.0 contains a fix for the issue.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Hoverfly 授权问题漏洞
Vulnerability Description
Hoverfly是SpectoLabs开源的一种轻量级的开源 API 模拟工具。 Hoverfly 1.11.3及之前版本存在授权问题漏洞,该漏洞源于未受保护的WebSocket端点,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A