EIQ-2019-0004
| ID | EIQ-2019-0004 |
|---|---|
| CVE | |
| Description | No origin validation in webpack-dev-server |
| Date | 30 Jan 2019 |
| Severity | 3 - HIGH |
| CVSSv3 score | 7.5 |
| Status | ✅ 2.3.4 |
| Assessment | webpack-dev-server versions 3.1.10 and earlier fail to correctly check the origin of the requests sent to the WebSocket server component. This makes it possible for a remote attacker to send a Hot Module Replacement (HMR) message to a targeted system. In this way, the attacker can obtain access to sensitive information on the targeted system. |
| Mitigation | |
| Affected versions | 2.3.0 to 2.3.3 included. |
| Notes | For more information, see: |
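
The Assessment above turns on a missing Origin check during the WebSocket handshake. The following is an added illustration of such a check, not code from webpack-dev-server or from this advisory; the function names, the allow-list format and the sample requests are assumptions made for the example.

```javascript
'use strict';
// Added illustration, not webpack-dev-server code; names and allow-list format are assumptions.

// Loopback names a local development server is normally reached by.
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);

// Lower-cased hostname of an Origin header value, or null when the header is
// missing, is the opaque "null" origin, or is not a parseable http(s) URL.
function originHostname(origin) {
  if (typeof origin !== 'string' || origin === '' || origin === 'null') return null;
  let url;
  try {
    url = new URL(origin);
  } catch (err) {
    return null;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return url.hostname.toLowerCase();
}

// allowedHosts: exact hostnames, or ".example.test" for a domain plus its subdomains.
function isAllowedOrigin(headers, allowedHosts = []) {
  const host = originHostname(headers.origin);
  if (host === null) return false; // fail closed (assumption: only browser clients connect)
  if (LOOPBACK.has(host)) return true;
  return allowedHosts.some((entry) => {
    const e = entry.toLowerCase();
    if (e.startsWith('.')) return host === e.slice(1) || host.endsWith(e);
    return host === e;
  });
}

// Accept a WebSocket upgrade only when its Origin passes the allow-list.
function acceptUpgrade(req, allowedHosts) {
  const isWebSocket = String(req.headers.upgrade || '').toLowerCase() === 'websocket';
  return isWebSocket && isAllowedOrigin(req.headers, allowedHosts);
}

// Constructed sample handshakes (header names lower-cased as Node's http module does).
const samples = [
  { headers: { upgrade: 'websocket', origin: 'http://localhost:8080' } },
  { headers: { upgrade: 'websocket', origin: 'https://dev.example.test' } },
  { headers: { upgrade: 'websocket', origin: 'https://other-site.example' } },
  { headers: { upgrade: 'websocket', origin: 'http://localhost.other-site.example' } },
  { headers: { upgrade: 'websocket' } },
];
for (const req of samples) {
  console.log(req.headers.origin, '->', acceptUpgrade(req, ['.example.test']));
}
```

The comparison is made on the parsed hostname rather than on a substring of the header, so a name that merely begins with `localhost` or ends with the allowed domain's letters does not pass.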