Vulnerability Description
Hoppscotch is an API development ecosystem. Due to a lack of validation for fields such as Label (Edit Team) - TeamName, bad actors can send emails with spoofed content as Hoppscotch. Part of the payload (an external link) is presented in clickable form, which makes it easier for malicious actors to achieve their goals. This issue is fixed in 2023.12.6.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hoppscotch | Hoppscotch | < 2023.12.6 |
Related Weaknesses (CWE)
References
- https://github.com/hoppscotch/hoppscotch/blob/main/packages/hoppscotch-backend/s (Product)
- https://github.com/hoppscotch/hoppscotch/commit/6827e97ec583b2534cdc1c2f33fa4497 (Patch)
- https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-8r6h-8r68-q3pp (Exploit, Third Party Advisory)
FAQ
What is CVE-2024-27092?
CVE-2024-27092 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Hoppscotch is an API development ecosystem. Due to lack of validation for fields like Label (Edit Team) - TeamName, bad actors can send emails with Spoofed Content as Hoppscotch. Part of payload (ext...
How severe is CVE-2024-27092?
CVE-2024-27092 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-27092?
Check the references section above for vendor advisories and patch information. Affected products include: Hoppscotch Hoppscotch.