CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

109 matches found

Github Security Blog•added 2023/03/23 6:30 a.m.•23 views

code-server vulnerable to Missing Origin Validation in WebSockets

Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance...

9.3CVSS8.7AI score0.00178EPSS

Exploits0References5Affected Software1

vulnersOsv•added 2023/03/23 6:30 a.m.•2 views

@web-desktop-environment/development-edition-server (>=0.0.4 <=1.0.2), @web-desktop-environment/pack-dev (>=1.0.1 <=1.0.2) potentially affected by CVE-2023-26114 via code-server (>=3.12.0 <=3.9.3)

code-server NPM version =3.12.0, =0.0.4, =1.0.1, =1.0.2 Source cves: CVE-2023-26114 Source advisory: OSV:GHSA-FRJG-G767-7363...

9.3CVSS7.2AI score0.00178EPSS

Exploits0

OSV•added 2023/03/23 6:30 a.m.•17 views

GHSA-FRJG-G767-7363 code-server vulnerable to Missing Origin Validation in WebSockets

9.3CVSS8.7AI score0.00178EPSS

Exploits0References5

OSV•added 2023/03/23 5:15 a.m.•10 views

CVE-2023-26114

9.3CVSS9.4AI score

Exploits0References3

NVD•added 2023/03/23 5:15 a.m.•14 views

CVE-2023-26114

9.3CVSS8.5AI score0.00178EPSS

Exploits0References3

Prion•added 2023/03/23 5:15 a.m.•8 views

Input validation

5.8CVSS9.1AI score0.00178EPSS

Exploits0References3Affected Software1

CVE•added 2023/03/23 5:0 a.m.•39 views

CVE-2023-26114

CVE-2023-26114 affects code-server prior to version 4.10.1. The vulnerability is Missing Origin Validation in WebSocket handshakes, which could allow an attacker in certain scenarios to access data from and connect to a code-server instance. Exploitation context and impact are described in the CV...

9.3CVSS9.2AI score0.00178EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2023/03/23 5:0 a.m.•5 views

CVE-2023-26114

8.2CVSS9.3AI score0.00178EPSS

Exploits0References3

CNNVD•added 2023/03/23 12:0 a.m.•3 views

Coder Code-Server 访问控制错误漏洞

Coder Code-Server is a U.S. Coder company based on Microsoft's open source Visual Studio Code development products. It is used to build a convenient and unified development environment for developers. A security vulnerability exists in Coder Code-Server versions prior to 4.10.1 that stems from...

9.3CVSS8.3AI score0.00178EPSS

Exploits0References4

Positive Technologies•added 2023/03/23 12:0 a.m.•1 views

PT-2023-20500 · Unknown · Code-Server

Name of the Vulnerable Software and Affected Versions: code-server versions prior to 4.10.1 Description: The issue is related to Missing Origin Validation in WebSockets handshakes. This can allow an adversary in specific scenarios to access data from and connect to the code-server instance...

9.3CVSS7.2AI score0.00178EPSS

Exploits0References10

Snyk•added 2023/03/22 1:33 p.m.•21 views

Missing Origin Validation in WebSockets

Overview code-server is an application that allows running VS Code on a remote server. Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect...

9.3CVSS7.1AI score0.00178EPSS

Exploits0References2

Veracode•added 2022/05/12 5:3 a.m.•28 views

Cross-site Scripting (XSS)

code-server is vulnerable to cross-site scripting. The vulnerability exists because the errorHandler function of errors.ts does not properly escape the err.message property, allowing an attacker to inject and execute malicious javascript...

6.1CVSS2.7AI score0.00398EPSS

Exploits1References4Affected Software1

OSV•added 2022/05/12 12:0 a.m.•54 views

GHSA-2GP3-6C9P-JP7W Cross site scripting in code-server