Lucene search
Veracode Vulnerability DatabaseVERACODE:7725HistoryNov 09, 2018 - 6:26 a.m.
Code Sniffing
2018-11-0906:26:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
0.006 Low
EPSS
Percentile
78.5%
browserify-hms is vulnerable to code sniffing. The code sniffing is possible because WebSocket server for HMR (Hot Module Replacement) does not validate the origin of the request, allowing unauthorised users to access HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| browserify-hmr | le | 0.3.7 |
Related
osv
osv
Missing Origin Validation in browserify-hmr
2020-09-01 21:18:20
github
github
Missing Origin Validation in browserify-hmr
2020-09-01 21:18:20
cvelist
cvelist
CVE-2018-14730
2018-09-21 17:00:00
prion
prion
Code injection
2018-09-21 17:29:00
nvd
nvd
CVE-2018-14730
2018-09-21 17:29:04
nodejs
nodejs
Missing Origin Validation
2018-11-07 19:05:15
cve
cve
CVE-2018-14730
2018-09-21 17:29:04