Vendor
Hoverfly, when running in Diff mode, is vulnerable to a denial-of-service condition due to a concurrent map write race condition in the `AddDiff()` function. Multiple proxy requests processed simultaneously cause unsynchronized writes to the shared `responsesDiff` map, triggering Go's built-in race detector and a `fatal error`, which immediately terminates the Hoverfly process. This vulnerability is trivially exploitable by sending multiple concurrent requests to the proxy port, leading to a full denial of service that cannot be recovered without a restart.