Lucene search
GoogleOSV:GHSA-CF66-XWFP-GVC4HistoryJan 04, 2019 - 5:40 p.m.
Missing Origin Validation in webpack-dev-server
2019-01-0417:40:59
Google
osv.dev
9
0.003 Low
EPSS
Percentile
68.5%
Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer’s source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.
Recommendation
For webpack-dev-server update to version 3.1.11 or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| webpack-dev-server | lt | 3.1.11 |
References
github.com/webpack/webpack-dev-server
github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md#3111-2018-12-21
github.com/webpack/webpack-dev-server/commit/f18e5adf123221a1015be63e1ca2491ca45b8d10
github.com/webpack/webpack-dev-server/issues/1445
github.com/webpack/webpack-dev-server/issues/1620
nvd.nist.gov/vuln/detail/CVE-2018-14732
www.npmjs.com/advisories/725
Related
cve
cve
CVE-2018-14732
2018-09-21 17:29:05
nodejs
nodejs
Missing Origin Validation
2018-11-07 17:10:22
veracode
veracode
Code Sniffing
2018-09-24 09:31:27
prion
prion
Code injection
2018-09-21 17:29:00
github
github
Missing Origin Validation in webpack-dev-server
2019-01-04 17:40:59
cvelist
cvelist
CVE-2018-14732
2018-09-21 17:00:00
nvd
nvd
CVE-2018-14732
2018-09-21 17:29:05