SpectoLabs / hoverfly

Lightweight service virtualization/ API simulation / API mocking tool for developers and testers
https://hoverfly.io
Apache License 2.0

Vulnerabilities CVE-2023-39325, CVE-2023-3978 and CVE-2023-44487 in Hoverfly v1.6.0 #1104

UdayKumarNettem closed 10 months ago

UdayKumarNettem commented 10 months ago

Description of the bug

@tommysitu - Hoverfly v1.6.0 has three vulnerabilities, CVE-2023-39325, CVE-2023-3978 and CVE-2023-44487, with golang.org/x/net

Steps to reproduce the issue


CVE Details:
https://avd.aquasec.com/nvd/cve-2023-39325
https://avd.aquasec.com/nvd/cve-2023-3978
https://avd.aquasec.com/nvd/cve-2023-44487

Observed result

Hoverfly error messages seen (If none, say none)

(paste here)

If possible, add screenshots to help explain your problem

Expected result

Vulnerabilities have to be fixed

Additional relevant information

  1. Hoverfly version: 1.6.0
  2. Anything that might help us to diagnose the problem

tommysitu commented 10 months ago

Hi, it has been fixed here: https://github.com/SpectoLabs/hoverfly/pull/1102

I will try to get a release out asap 👌

UdayKumarNettem commented 10 months ago

@tommysitu thank you

tommysitu commented 10 months ago

https://github.com/SpectoLabs/hoverfly/releases/tag/v1.6.1 should contain the fix