A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contain sources used to generate the bundle, configuration settings (e.g., API keys), and developers' comments.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-01-06T20:52:14
Updated: 2024-08-04T16:48:01.347Z
Reserved: 2020-11-24T00:00:00
Link: CVE-2020-29041
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-01-06T21:15:14.253
Modified: 2024-11-21T05:23:34.557
Link: CVE-2020-29041
Redhat
No data.