Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2025/06/04 9:9 p.m.34 views

webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser

Summary Source code may be stolen when you access a malicious web site with non-Chromium based browser. Details The Origin header is checked to prevent Cross-site WebSocket hijacking from happening which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address Origin header...

6.5CVSS6.5AI score0.00287EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2025/06/03 5:41 p.m.16 views

CVE-2025-30360 webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The Origin header is checked to prevent Cross-si...

6.5CVSS7.3AI score0.00287EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2019/01/04 5:40 p.m.6 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +23456 more potentially affected by CVE-2018-14732 via webpack-dev-server (>=1.10.1 <=3.1.10)

webpack-dev-server NPM version =1.10.1, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic =1.0...

7.5CVSS7AI score0.02434EPSS
Exploits1
OSV
OSV
added 2018/09/21 5:29 p.m.7 views

CVE-2018-14732

An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR Hot Module Replacement. Anyone can receive the HMR message sent by the WebSocket...

7.5CVSS7.5AI score
Exploits0References3
CVE
CVE
added 2018/09/21 5:0 p.m.213 views

CVE-2018-14732

CVE-2018-14732 affects webpack-dev-server before 3.1.6. The WebSocket server used for Hot Module Replacement does not validate the request origin, allowing any origin (including ws://127.0.0.1:8080/) to receive HMR messages. This can enable an attacker to access a developer’s source code from a p...

7.5CVSS7.4AI score0.02434EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder