Lucene search
Jiantao LiNODEJS:726HistoryNov 07, 2018 - 7:05 p.m.
Missing Origin Validation
2018-11-0719:05:15
Jiantao Li
www.npmjs.com
9
0.006 Low
EPSS
Percentile
78.6%
Overview
Versions of browserify-hmr prior to 0.4.0 are missing origin validation on the websocket server.
This vulnerability allows a remote attacker to steal a developer’s source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.
Recommendation
Upgrade to version 0.4.0 or later.
References
- [Sniffing Codes in Hot Module Reloading Messages
- ](https://blog.cal1.cn/post/Sniffing Codes in Hot Module Reloading Messages)
- GitHub Issue
- GitHub Advisory
| CPE | Name | Operator | Version |
|---|---|---|---|
| browserify-hmr | lt | 0.4.0 |
Related
osv
osv
Missing Origin Validation in browserify-hmr
2020-09-01 21:18:20
github
github
Missing Origin Validation in browserify-hmr
2020-09-01 21:18:20
nvd
nvd
CVE-2018-14730
2018-09-21 17:29:04
cvelist
cvelist
CVE-2018-14730
2018-09-21 17:00:00
prion
prion
Code injection
2018-09-21 17:29:00
cve
cve
CVE-2018-14730
2018-09-21 17:29:04
veracode
veracode
Code Sniffing
2018-11-09 06:26:16