#VU112165 Reliance on Reverse DNS Resolution for a Security-Critical Action in wiremock and python-wiremock - CVE-2023-41329

 

Published: July 4, 2025


Vulnerability identifier: #VU112165
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-41329
CWE-ID: CWE-350
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
wiremock
python-wiremock
Software vendor:
wiremock

Description

The vulnerability allows a remote privileged user to execute arbitrary code on the target system.

The vulnerability exists in the proxy mode of WireMock, which can be protected by the network restrictions configuration, as documented in "Preventing proxying to and recording from specific target addresses". These restrictions can be configured using domain names, and in such a case the configuration is vulnerable to DNS rebinding attacks. A remote privileged user can pass specially crafted data to the application, trigger the vulnerability and execute arbitrary code on the target system.


Remediation

Install updates from vendor's website.

External links