fix(deps): update dependency com.github.tomakehurst:wiremock-jre8-standalone to v2.35.1
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
com.github.tomakehurst:wiremock-jre8-standalone (source) | dependencies | patch |
2.35.0 -> 2.35.1
|
Release Notes
wiremock/wiremock (com.github.tomakehurst:wiremock-jre8-standalone)
v2.35.1
: - Security Release
-
CVE-2023-41327 - Controlled SSRF through URL in the WireMock Webhooks Extension and WireMock Studio
- Overall CVSS Score: 4.6 (AV:A/AC:L/MR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C)
-
CVE-2023-41329 - Domain restrictions bypass via DNS
Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
- Overall CVSS Score: 3.9 (AV:A/AC:H/MR:H/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C)
NOTE: WireMock Studio, a proprietary distribution discontinued in 2022, is also affected by those issues and also affected by CVE-2023-39967 - Overall CVSS Score 8.6 - “Controlled and full-read SSRF through URL parameter when testing a request, webhooks and proxy mode”. The fixes will not be provided. The vendor recommends migrating to WireMock Cloud which is available as SaaS and private beta for on-premises deployments
Credits: @W0rty, @numacanedo, @Mahoney, @tomakehurst, @oleg-nenashev
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.