PT-2024-21643 · Unknown · Hoppscotch

Mbiesiad · Published 2024-02-26 · Updated 2025-04-01 · CVE-2024-27092

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Hoppscotch versions prior to 2023.12.6

Description
Hoppscotch is an API development ecosystem. Because fields such as Label (Edit Team) - TeamName are not validated, a bad actor can cause Hoppscotch to send emails whose content the attacker controls, so the messages appear to come from Hoppscotch. Part of the payload, an external link, is rendered in clickable form, which makes it easier for the attacker to lure recipients.

Recommendations
For versions prior to 2023.12.6, update to version 2023.12.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the Label (Edit Team) - TeamName field to minimize the risk of exploitation. Avoid using external links in the payload until the issue is resolved.

Related Identifiers

CVE-2024-27092
GHSA-8R6H-8R68-Q3PP

Affected Products

Hoppscotch