Headline
CVE-2023-48910: GitHub - microcks/microcks: Kubernetes native tool for mocking and testing API and micro-services. Microcks is a Cloud Native Computing Foundation sandbox project 🚀
Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
Microcks - Kubernetes native tool for API Mocking & Testing
Microcks is a platform for turning your API and microservices assets - OpenAPI specs, AsyncAPI specs, gRPC protobuf, GraphQL schema, Postman collections, SoapUI projects - into live mocks in seconds.
It also reuses these assets for running compliance and non-regression tests against your API implementation. We provide integrations with Jenkins, GitHub Actions, Tekton and many others through a simple CLI.
Getting Started
- Documentation
To get involved with our community, please make sure you are familiar with the project’s Code of Conduct.
Build Status
The current development version is 1.8.1-SNAPSHOT.
Sonarcloud Quality metrics
Versions
Here are the naming conventions we’re using for current releases and for ongoing development and maintenance activities.
| Status | Version | Branch | Container images tags |
|---|---|---|---|
| Stable | 1.8.0 | master | 1.8.0, latest |
| Dev | 1.8.1-SNAPSHOT | 1.8.x | nightly |
| Maintenance | 1.7.2-SNAPSHOT | 1.7.x | maintenance |
How to build Microcks
The build instructions are available in the contribution guide.
Thanks to community!