12 matches found
CVE-2025-56647
npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...
GHSA-P773-8MF4-RJM5 @farmfe/core is Missing Origin Validation in WebSocket
npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...
@farmfe/cli (>=0.1.0 <=0.2.0), @farmfe/js-plugin-tailwindcss (>=0.0.2 <=0.0.20) +5 more potentially affected by CVE-2025-56647 via @farmfe/core (>=0.1.5 <=1.7.11)
@farmfe/core NPM version =0.1.5, =0.1.0, =0.0.2, =1.0.0, =0.0.2, =2.7.0, =1.0.5, =1.3.4 Source cves: CVE-2025-56647 Source advisory: OSV:GHSA-P773-8MF4-RJM5...
@farmfe/core is Missing Origin Validation in WebSocket
npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...
@farmfe/js-plugin-tailwindcss (>=0.0.2 <=0.0.20), @nohejs/core (>=1.0.0 <=1.1.106) +3 more potentially affected by CVE-2025-56647 via @farmfe/core (>=1.6.6 <=1.7.11)
@farmfe/core NPM version =1.6.6, =0.0.2, =1.0.0, =0.0.2, =2.7.0, =1.0.5, =1.3.4 Source cves: CVE-2025-56647 Source advisory: SNYK:JS-FARMFECORE-15282805...
CVE-2025-56647
npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...
CVE-2025-56647
npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...
CVE-2025-56647
npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...
CVE-2025-56647
npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...
CVE-2025-56647
npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...
CVE-2025-56647
Affected product: npm @farmfe/core
PT-2026-7857
Name of the Vulnerable Software and Affected Versions @farmfe/core versions prior to 1.7.6 Description The development server does not validate the origin when establishing WebSocket connections. This allows attackers to monitor developers using Farm who visit a malicious webpage and potentially...