Critical severity 10.0 · NVD Advisory · Published Sep 6, 2023 · Updated Jun 17, 2026
CVE-2023-39967
Description
WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock's instance. There are 3 identified potential attack vectors: the "TestRequester" functionality, webhooks, and the proxy mode. Because the HTTP method, HTTP headers and HTTP data can all be controlled, this allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected WireMock Studio product and there will be no fix. Users are advised to find alternatives.
Affected products: 2
References
- github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc (nvd; Exploit, Vendor Advisory)