exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2018-14732

больше 7 лет назад

An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin.

CVSS3: 7.5

EPSS: Низкий

GHSA-cf66-xwfp-gvc4

около 7 лет назад

Missing Origin Validation in webpack-dev-server

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2018-14732 An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin.	CVSS3: 7.5	0% Низкий	больше 7 лет назад
	GHSA-cf66-xwfp-gvc4 Missing Origin Validation in webpack-dev-server	CVSS3: 7.5	0% Низкий	около 7 лет назад

Уязвимостей на страницу