PT-2024-31591 · Hoverfly · Hoverfly

Pwntester · Published 2024-09-02 · Updated 2024-11-27 · CVE-2024-45388

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Hoverfly (affected versions not specified)

Description: The /api/v2/simulation POST handler in Hoverfly allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. Although the code prevents absolute paths from being specified, an attacker can escape out of the hf.Cfg.ResponsesBodyFilesPath base path by using ../ segments and reach arbitrary files. This issue may lead to Information Disclosure.

Recommendations: As a temporary workaround, consider restricting access to the /api/v2/simulation endpoint until a patch is available. Make sure the final path (filepath.Join(hf.Cfg.ResponsesBodyFilesPath, filePath)) is contained within the expected base path (filepath.Join(hf.Cfg.ResponsesBodyFilesPath, "/")). At the moment, there is no information about a newer version that contains a fix for this vulnerability.
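The containment check described in the recommendation, written out as an added Go example. This is not Hoverfly's code: SafeJoin, ErrOutsideBase and the sample base directory are assumptions introduced here, with the base argument standing in for hf.Cfg.ResponsesBodyFilesPath. It rejects absolute paths (as the advisory says the existing code already does) and then verifies that the joined path still resolves inside the base directory, which is the step the vulnerable handler lacks.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when the resolved path escapes the base directory.
var ErrOutsideBase = errors.New("path escapes the configured base directory")

// SafeJoin joins userPath onto base and refuses any result that does not stay
// inside base. base stands in for hf.Cfg.ResponsesBodyFilesPath (assumption:
// this helper is illustrative, not Hoverfly's own API).
func SafeJoin(base, userPath string) (string, error) {
	// The advisory notes absolute paths are already rejected; keep that check.
	if filepath.IsAbs(userPath) {
		return "", errors.New("absolute paths are not allowed")
	}
	cleanBase := filepath.Clean(base)
	// filepath.Join cleans the result, so any "../" segments are resolved here.
	joined := filepath.Join(cleanBase, userPath)
	// Express the result relative to the base: an escape shows up as a leading "..".
	rel, err := filepath.Rel(cleanBase, joined)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return joined, nil
}

func main() {
	base := "/var/lib/hoverfly/responses" // constructed sample base directory
	inputs := []string{
		"login.json",       // ordinary file inside the base: allowed
		"sub/../ok.json",   // ".." that stays inside the base: allowed
		"../../etc/passwd", // traversal out of the base: rejected
		"../responses2",    // sibling directory sharing the base as a string prefix: rejected
		"/etc/passwd",      // absolute path: rejected
	}
	for _, p := range inputs {
		got, err := SafeJoin(base, p)
		fmt.Printf("%-20q -> %q, err=%v\n", p, got, err)
	}
}
```

Note that the check is done on the result of filepath.Rel rather than with a plain string prefix test on the joined path: "../responses2" joins to /var/lib/hoverfly/responses2, which starts with the base string but is not inside the base directory, and Rel reports it as "../responses2" so it is correctly refused.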

Exploit

Path traversal

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2024-45388
GHSA-6XX4-X46F-F897
GO-2024-3108

Affected Products

Hoverfly