PT-2021-19959 · Mockserve · Mockserve
| Published | 2021-08-16 |
| Updated | 2022-07-02 |
| CVE | CVE-2021-32827 |
| CVSS v3.1 | 9.6 (Critical) |
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MockServer (affected versions not specified)
Description
The issue concerns MockServer, open source software used for mocking systems over HTTP or HTTPS. An attacker can trick a victim who is running MockServer locally into visiting a malicious site, allowing the attacker to run arbitrary code on the MockServer machine. This is possible because of an overly broad default CORS configuration, which allows any site to send cross-site requests to MockServer's API. Additionally, MockServer's support for JavaScript or Velocity templates in dynamic expectations may allow an attacker to execute arbitrary code on behalf of MockServer. By combining these two issues, an attacker could serve a malicious page that compromises a developer running MockServer.
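The first half of that chain can be verified on your own deployment without touching the templating side. The following check is an added example, not code from the advisory or from the MockServer project: it sends the preflight a browser would send before a cross-site PUT to the expectation API and reports whether the returned CORS headers would let that request through. The control URL, port and the untrusted origin are assumptions; the sample header sets are constructed, not captured from a real instance.

```python
import urllib.request
import urllib.error

# Constructed sample preflight responses (not captured from a real instance).
PERMISSIVE = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "GET, PUT, POST, DELETE, OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type",
}
LOCKED_DOWN = {"Content-Type": "application/json"}


def cross_site_put_allowed(headers, origin="https://untrusted.invalid"):
    """Return True if a page served from `origin` would be allowed to complete
    a cross-site PUT after this preflight response, i.e. the policy is broad
    enough for the cross-site expectation creation the advisory describes.
    Header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    allow_origin = h.get("access-control-allow-origin", "").strip()
    if allow_origin not in ("*", origin):
        return False  # origin not granted: the browser blocks the request
    methods = {m.strip().upper()
               for m in h.get("access-control-allow-methods", "").split(",")}
    return "*" in methods or "PUT" in methods


def probe(url="http://127.0.0.1:1080/mockserver/expectation",
          origin="https://untrusted.invalid"):
    """Send a browser-style preflight for a cross-site PUT to the MockServer
    control API (URL and port are assumptions; adjust for your deployment)
    and report whether the policy would let it through."""
    req = urllib.request.Request(url, method="OPTIONS", headers={
        "Origin": origin,
        "Access-Control-Request-Method": "PUT",
        "Access-Control-Request-Headers": "content-type",
    })
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return cross_site_put_allowed(dict(resp.headers.items()), origin)
    except urllib.error.HTTPError as e:
        # A 4xx/5xx still carries CORS headers worth inspecting.
        return cross_site_put_allowed(dict(e.headers.items()), origin)


if __name__ == "__main__":
    print("cross-site PUT allowed:", probe())
```

A True result means any site the developer visits can drive the control API; a False result only covers CORS and says nothing about whether template-based expectations are enabled.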
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Special Elements Injection
XSS
Related Identifiers
Affected Products
Mockserve