browserify-hms is vulnerable to code sniffing. The code sniffing is possible because WebSocket server for HMR (Hot Module Replacement) does not validate the origin of the request, allowing unauthorised users to access HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/
connection from any origin.
CPE | Name | Operator | Version |
---|---|---|---|
browserify-hmr | le | 0.3.7 |