webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser

Summary Source code may be stolen when you access a malicious web site with non-Chromium based browser. Details The Origin header is checked to prevent Cross-site WebSocket hijacking from happening which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address Origin header...

GHSA-9JGG-88MC-972H webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser

Summary Source code may be stolen when you access a malicious web site with non-Chromium based browser. Details The Origin header is checked to prevent Cross-site WebSocket hijacking from happening which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address Origin header...

webpack-dev-server users' source code may be stolen when they access a malicious web site

Summary Source code may be stolen when you access a malicious web site. Details Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject in their site and run the script. Note that the attacker has to know the port and the output entrypoi...

CVE-2025-30360

An information exposure flaw has been discovered in webpack-dev-server. When accessing third party web sites with a non-Chromium based browser, a cross origin request may be allowed. This issue can result in the source code being stolen for users that use a predictable port and a non-Chromium bas...

CVE-2025-30359

An information exposure flaw has been discovered in webpack-dev-server. The request for classic script by a script tag is not subject to the same origin policy, allowing an attacker to inject a malicious script in their site and run the script. The attacker is required to know the port and the...

Exposed Dangerous Method or Function

Overview org.webjars.npm:webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the webpackmodules object. An attacker can...

CVE-2025-30360

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The Origin header is checked to prevent Cross-si...

CVE-2025-30359

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access a malicious web site. Because the request for classic script by a script tag is not subject to same...

CVE-2025-30360 webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The Origin header is checked to prevent Cross-si...

CVE-2025-30360 webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The Origin header is checked to prevent Cross-si...

CVE-2025-30360

The CVE-2025-30360 entry concerns webpack-dev-server prior to v5.2.1, where an Origin header check for WebSocket connections was insufficient, allowing IP-based origins to access the WebSocket and potentially exfiltrate source code to malicious sites using non-Chromium browsers. The issue is miti...

CVE-2025-30360 webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The Origin header is checked to prevent Cross-si...

CVE-2025-30359 webpack-dev-server users' source code may be stolen when they access a malicious web site

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access a malicious web site. Because the request for classic script by a script tag is not subject to same...

CVE-2025-30359

Webpack-dev-server CVE-2025-30359 affects the development server used to serve webpack bundles. Before version 5.2.1, an attacker could steal a user’s source code via a malicious site by injecting a script and abusing prototype pollution; exploitation could reveal code through webpack_modules via...

CVE-2025-30359 webpack-dev-server users' source code may be stolen when they access a malicious web site

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access a malicious web site. Because the request for classic script by a script tag is not subject to same...

CVE-2025-30359 webpack-dev-server users' source code may be stolen when they access a malicious web site

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access a malicious web site. Because the request for classic script by a script tag is not subject to same...

PT-2025-23648 · Unknown · Webpack-Dev-Server

Name of the Vulnerable Software and Affected Versions: webpack-dev-server versions prior to 5.2.1 Description: The issue allows an attacker to steal users' source code when they access a malicious website. This is possible because the request for a classic script by a script tag is not subject to...

PT-2025-23649 · Unknown · Webpack-Dev-Server

Name of the Vulnerable Software and Affected Versions: webpack-dev-server versions prior to 5.2.1 Description: The issue allows an attacker to obtain source code via a method similar to that used to exploit a previously reported vulnerability. This is possible because webpack-dev-server always...

webpack-dev-server 安全漏洞

webpack-dev-server is a webpack open source application that provides webpack. A security vulnerability exists in webpack-dev-server versions prior to 5.2.1, which stems from the possibility of source code theft when a user visits a malicious website...

webpack-dev-server 访问控制错误漏洞

webpack-dev-server is a webpack open source application that provides webpack. An access control error vulnerability exists in webpack-dev-server versions prior to 5.2.1, which stems from the possibility of source code theft when visiting a malicious website using a non-Chromium-based browser...