An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:3123/ connection from any origin.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-21T17:00:00
Updated: 2024-08-05T09:38:13.594Z
Reserved: 2018-07-28T00:00:00
Link: CVE-2018-14730
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-09-21T17:29:04.983
Modified: 2024-11-21T03:49:41.363
Link: CVE-2018-14730
Redhat
No data.