Reliance on Reverse DNS Resolution for a Security-Critical Action in wiremock and python-wiremock - CVE-2023-41329

 


Published: July 4, 2025


Vulnerability identifier: #VU112165
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-41329
CWE-ID: CWE-350
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: wiremock
Affected software:
wiremock
python-wiremock

Detailed vulnerability description

The vulnerability allows a remote privileged user to execute arbitrary code on the target system.

The vulnerability exists in the proxy mode of WireMock, which can be protected by the network restrictions configuration, as documented in "Preventing proxying to and recording from specific target addresses". These restrictions can be configured using domain names, and in such a case the configuration is vulnerable to DNS rebinding attacks. A remote privileged user can pass specially crafted data to the application, trigger the vulnerability and execute arbitrary code on the target system.
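The gap that makes a hostname-based restriction bypassable by DNS rebinding, next to a resolve-once-and-pin check, as an added example that is not WireMock's code or its fix. `RebindingResolver`, `DENIED_NETS` and both target functions are hypothetical names, and the host name and addresses are constructed.

```python
import ipaddress

# Constructed deny list: ranges the proxy must never be allowed to reach.
DENIED_NETS = [ipaddress.ip_network(n)
               for n in ("127.0.0.0/8", "10.0.0.0/8", "169.254.0.0/16")]


class RebindingResolver:
    """Constructed stand-in for DNS whose answer changes between lookups."""

    def __init__(self, answers):
        self.answers = list(answers)
        self.lookups = 0

    def resolve(self, host):
        # Return the next scripted answer; repeat the last one when exhausted.
        answer = self.answers[min(self.lookups, len(self.answers) - 1)]
        self.lookups += 1
        return answer


def ip_denied(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DENIED_NETS)


def naive_proxy_target(host, resolver):
    """Check-then-use: the rule is evaluated on one lookup, but the
    connection is made with the result of a second, independent lookup."""
    if ip_denied(resolver.resolve(host)):
        raise PermissionError(f"{host} is denied")
    return resolver.resolve(host)  # second lookup, as an HTTP client would do


def pinned_proxy_target(host, resolver):
    """Resolve once, validate that address, and connect to that same address."""
    ip = resolver.resolve(host)
    if ip_denied(ip):
        raise PermissionError(f"{host} resolves to denied address {ip}")
    return ip  # caller connects to this IP and sends `host` in the Host header


if __name__ == "__main__":
    answers = ["203.0.113.10", "127.0.0.1"]  # constructed: public, then loopback
    print("naive :", naive_proxy_target("mock.example", RebindingResolver(answers)))
    print("pinned:", pinned_proxy_target("mock.example", RebindingResolver(answers)))
```

The naive path ends up connecting to an address the rule was never evaluated against; the pinned path can only connect to the address it validated.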


How to mitigate CVE-2023-41329

Install updates from vendor's website.

Sources