You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Missing Origin Validation in webpack-dev-server
High severity
GitHub Reviewed
Published
Jan 4, 2019
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.
Recommendation
For webpack-dev-server update to version 3.1.11 or later.
Versions of
webpack-dev-server
before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.Recommendation
For
webpack-dev-server
update to version 3.1.11 or later.References