CNNVD-202509-1491 Information
CNNVD ID
CNNVD-202509-1491
Related CVE
- CNNVD Published: 2025-09-10
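Description (translated from Chinese)
Hoverfly is a lightweight open-source API simulation tool released as open source by SpectoLabs. Hoverfly 1.11.3 and earlier versions contain a security vulnerability that stems from command injection and may lead to remote code execution.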
Description (English)
Hoverfly is a lightweight open-source API simulation tool from SpectoLabs. Hoverfly 1.11.3 and earlier versions contain a security vulnerability that originates from command injection and may lead to remote code execution.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
SpectoLabs
Published
2025-09-10
Last Modified
2026-02-24
References
https://github.com/SpectoLabs/hoverfly/blob/master/core/hoverfly_service.go#L173
https://github.com/SpectoLabs/hoverfly/blob/master/core/middleware/local_middleware.go#L13
https://github.com/SpectoLabs/hoverfly/blob/master/core/middleware/middleware.go#L93
https://github.com/SpectoLabs/hoverfly/commit/17e60a9bc78826deb4b782dca1c1abd3dbe60d40
https://github.com/SpectoLabs/hoverfly/commit/a9d4da7bd7269651f54542ab790d0c613d568d3e
https://github.com/SpectoLabs/hoverfly/security/advisories/GHSA-r4h8-hfp2-ggmf
Patch
https://github.com/SpectoLabs/hoverfly/releases