Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
webpack-dev-server 安全漏洞
Vulnerability Description
webpack-dev-server是一款主要用于测试的开发服务器。 webpack-dev-server 3.1.6之前版本中的lib/Server.js文件存在安全漏洞,该漏洞源于程序没有检测请求包头中的Origin字段。攻击者可通过从任意来源连接ws://127.0.0.1:8080/利用该漏洞接收WebSocket服务器发送的HMR消息。
CVSS Information
N/A
Vulnerability Type
N/A