CNNVD-202509-1484 Information

CNNVD ID

CNNVD-202509-1484

CVE-2025-54376

  • CNNVD Published: 2025-09-10

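Description (translated from Chinese)

Hoverfly is a lightweight open-source API simulation tool from SpectoLabs. Hoverfly 1.11.3 and earlier versions contain an authorization vulnerability that stems from an unprotected WebSocket endpoint and may lead to information disclosure.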

Description (English)

Hoverfly is a lightweight open-source API simulation tool from SpectoLabs. Hoverfly 1.11.3 and earlier versions have an authorization vulnerability that originates from an unprotected WebSocket endpoint and could lead to information disclosure.

Hazard Level

High

Vulnerability Type

Authorization issue

Affected Vendor

SpectoLabs

Published

2025-09-10

Last Modified

2026-02-24

References

https://github.com/SpectoLabs/hoverfly/commit/ffc2cc34563de67fe1a04f7ba5d78fa2d4564424

https://github.com/SpectoLabs/hoverfly/security/advisories/GHSA-jxmr-2h4q-rhxp

Patch

https://github.com/SpectoLabs/hoverfly/releases
