Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
CWE-1385
Vulnerability Title
Coder Code-Server 访问控制错误漏洞
Vulnerability Description
Coder Code-Server是美国Coder公司的一款基于微软开源的 Visual Studio Code 开发的产品。用于为开发者构建一个便捷统一的开发环境。 Coder Code-Server 4.10.1之前版本存在安全漏洞,该漏洞源于允许特定场景中的对手从代码服务器实例访问数据并连接到代码服务器实例。
CVSS Information
N/A
Vulnerability Type
N/A