Hoppscotch Fixes Validation Issue to Prevent Spoofed Content
CVE-2024-27092

5.4MEDIUM

Key Information:

Vendor: Hoppscotch
Status: Hoppscotch
Vendor: CVE Published:; 29 February 2024

🔔 Create Hoppscotch Vulnerability Alert

What is CVE-2024-27092?

Hoppscotch is an API development ecosystem. Due to lack of validation for fields like Label (Edit Team) - TeamName, bad actors can send emails with Spoofed Content as Hoppscotch. Part of payload (external link) is presented in clickable form - easier to achieve own goals by malicious actors. This issue is fixed in 2023.12.6.

Affected Version(s)

hoppscotch < 2023.12.6

References

https://github.com/hoppscotch/hoppscotch/security/advisor...

x_refsource_CONFIRM

https://github.com/hoppscotch/hoppscotch/commit/6827e97ec...

x_refsource_MISC

https://github.com/hoppscotch/hoppscotch/blob/main/packag...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Feb 19, 2024

.