CVE-2018-9116

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-9116
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-9116.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-9116
Published
2018-03-29T07:29:00Z
Modified
2024-09-03T02:08:47.374547Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service.

References

Affected packages

Git / github.com/tomakehurst/wiremock

Affected ranges

Type
GIT
Repo
https://github.com/tomakehurst/wiremock
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.33
1.36
1.37
1.38
1.39
1.40
1.41
1.42
1.43
1.44
1.46
1.47
1.48
1.49
1.50
1.51
1.52
1.52-beta
1.53
1.54
1.55
1.56
1.57
1.58

2.*

2.0.0-beta
2.0.1-beta
2.0.10-beta
2.0.2-beta
2.0.3-beta
2.0.4-beta
2.0.5-beta
2.0.6-beta
2.0.7-beta
2.0.8-beta
2.0.9-beta
2.1.0-beta
2.1.1-beta
2.1.10
2.1.11
2.1.12
2.1.2-rc1
2.1.3-rc2
2.1.4-rc3
2.1.5-rc4
2.1.6
2.1.7
2.1.8
2.1.9
2.10.0
2.10.1
2.11.0
2.12.0
2.13.0
2.14.0
2.15.0
2.2.1
2.2.2
2.3.1
2.4.1
2.5.0
2.5.1
2.6.0
2.7.0
2.7.1
2.8.0
2.9.0

release-1.*

release-1.14
release-1.25