SpectoLabs / hoverfly

Lightweight service virtualization/ API simulation / API mocking tool for developers and testers
https://hoverfly.io
Apache License 2.0
2.36k stars 208 forks

Vulnerabilities CVE-2023-39325, CVE-2023-3978 and CVE-2023-44487 in Hoverfly v1.6.0 #1104

Closed UdayKumarNettem closed 1 year ago

UdayKumarNettem commented 1 year ago

Description of the bug

@tommysitu - Hoverfly v1.6.0 has three vulnerabilities, CVE-2023-39325, CVE-2023-3978 and CVE-2023-44487, with golang.org/x/net

Steps to reproduce the issue

CVE Details:
https://avd.aquasec.com/nvd/cve-2023-39325
https://avd.aquasec.com/nvd/cve-2023-3978
https://avd.aquasec.com/nvd/cve-2023-44487

Observed result

Hoverfly error messages seen (If none, say none)

(paste here)

If possible, add screenshots to help explain your problem

Expected result

Vulnerabilities have to be fixed

Additional relevant information

  1. Hoverfly version: 1.6.0
  2. Anything that might help us to diagnose the problem

tommysitu commented 1 year ago

Hi, it has been fixed here: https://github.com/SpectoLabs/hoverfly/pull/1102

I will try to get a release out asap 👌

UdayKumarNettem commented 1 year ago

@tommysitu thank you

tommysitu commented 1 year ago

https://github.com/SpectoLabs/hoverfly/releases/tag/v1.6.1 should contain the fix