You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Missing Origin Validation in browserify-hmr
High severity
GitHub Reviewed
Published
Sep 1, 2020
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Versions of browserify-hmr prior to 0.4.0 are missing origin validation on the websocket server.
This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.
Versions of
browserify-hmr
prior to 0.4.0 are missing origin validation on the websocket server.This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.
Recommendation
Upgrade to version 0.4.0 or later.
References