CVE-2018-9116

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-9116

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-9116.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-9116

Published

2018-03-29T07:29:00.323Z

Modified

2026-03-14T09:30:47.342737Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service.

References

https://groups.google.com/forum/#%21topic/wiremock-user/PQ1UQzKZVl0

Affected packages

Git / github.com/tomakehurst/wiremock

Affected ranges

Type

GIT

Repo

https://github.com/tomakehurst/wiremock

Events

Introduced

Fixed

1329fba17238c8488079719662f534d8fd37ca8f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.16.0"
        }
    ]
}

Affected versions

1.*

1.33

1.36

1.37

1.38

1.39

1.40

1.41

1.42

1.43

1.44

1.46

1.47

1.48

1.49

1.50

1.51

1.52

1.52-beta

1.53

1.54

1.55

1.56

1.57

1.58

2.*

2.0.0-beta

2.0.1-beta

2.0.10-beta

2.0.2-beta

2.0.3-beta

2.0.4-beta

2.0.5-beta

2.0.6-beta

2.0.7-beta

2.0.8-beta

2.0.9-beta

2.1.0-beta

2.1.1-beta

2.1.10

2.1.11

2.1.12

2.1.2-rc1

2.1.3-rc2

2.1.4-rc3

2.1.5-rc4

2.1.6

2.1.7

2.1.8

2.1.9

2.10.0

2.10.1

2.11.0

2.12.0

2.13.0

2.14.0

2.15.0

2.2.1

2.2.2

2.3.1

2.4.1

2.5.0

2.5.1

2.6.0

2.7.0

2.7.1

2.8.0

2.9.0

release-1.*

release-1.14

release-1.25

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-9116.json"