Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-9595

A flaw was found in webpack-dev-server. When a user configures a proxy with a broad context, such as '/', and enables WebSocket ws: true forwarding, the development server's own Hot Module Replacement HMR WebSocket can be intercepted. This interception leads to the leakage of the browser's cookie...

7.1CVSS5.7AI score0.00163EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.23 views

Linux Distros Unpatched Vulnerability : CVE-2026-9595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and...

5.3CVSS6AI score0.00163EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:13 p.m.11 views

EUVD-2026-36729

webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies...

5.3CVSS5.2AI score0.00163EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/15 5:39 p.m.8 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview org.webjars.npm:webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via permissive user proxy...

7.1CVSS5.9AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:39 p.m.9 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via permissive user proxy configurations that inclu...

7.1CVSS5.9AI score0.00163EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 4:16 p.m.11 views

CVE-2026-9595

Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS0.00163EPSS
Exploits0References5
Rows per page
Query Builder