Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer’s source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) is not validated.
For webpack-dev-server 2.x, update to version 2.11.4 or later.
For webpack-dev-server 3.x, update to version 3.1.11 or later.
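
The following Node.js example is added here to illustrate the kind of origin check the advisory describes as missing; it is not webpack-dev-server's code or its actual patch. The names `ALLOWED_HOSTS`, `isTrustedOrigin` and `decideUpgrade`, the allowlist contents, and the policy of rejecting a missing `Origin` header are assumptions made for the example.

```javascript
// Added example (not webpack-dev-server code). All names are hypothetical.
// Hosts a local dev server is expected to be opened from (assumption).
const ALLOWED_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// True only when the Origin header parses to an http(s) URL whose hostname
// is on the allowlist. Parsing avoids substring and prefix matching mistakes.
function isTrustedOrigin(originHeader, allowedHosts = ALLOWED_HOSTS) {
  // Browsers always send Origin on WebSocket handshakes; a missing header or
  // the opaque origin "null" is rejected here (policy assumption).
  if (typeof originHeader !== 'string' || originHeader === 'null') return false;
  let url;
  try {
    url = new URL(originHeader);
  } catch (err) {
    return false;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  return allowedHosts.has(url.hostname);
}

// Decide the HTTP status for an upgrade request from its headers:
// 101 = proceed with the WebSocket handshake, 403 = untrusted origin,
// 400 = not a WebSocket upgrade at all.
function decideUpgrade(headers) {
  const wantsWebSocket = String(headers.upgrade || '').toLowerCase() === 'websocket';
  if (!wantsWebSocket) return 400;
  return isTrustedOrigin(headers.origin) ? 101 : 403;
}

// Constructed sample handshakes (Node lower-cases incoming header names).
const SAMPLE_HANDSHAKES = [
  { upgrade: 'websocket', origin: 'http://localhost:8080' },
  { upgrade: 'websocket', origin: 'http://[::1]:8080' },
  { upgrade: 'websocket', origin: 'https://other-site.example' },
  { upgrade: 'websocket', origin: 'http://localhost.other-site.example' },
  { upgrade: 'websocket', origin: 'http://localhost@other-site.example' },
  { upgrade: 'websocket', origin: 'null' },
  { upgrade: 'websocket' },
];

for (const headers of SAMPLE_HANDSHAKES) {
  console.log(decideUpgrade(headers), headers.origin);
}
```

In a real server the same decision would be made in the HTTP `upgrade` handler before the socket is handed to the WebSocket library.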
CPE

Name | Operator | Version |
---|---|---|
webpack-dev-server | lt | 2.11.4 \|\| >=3.0.0 <=3.1.10 |