Missing Origin Validation vulnerability in webpack-dev-server
Closed this issue · 0 comments
filippsen commented
Environment/Browser
1.4.3
Description
Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.