Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CVE-2018-14732: webpack-dev-server vulnerability
This change updates to webpack-dev-server to 3.1.11 > CVE-2018-14732 > > Severity low > Vulnerable versions: < 3.1.11 > Patched version: 3.1.11 > An issue was discovered in lib/Server.js in webpack-dev-server before > 3.1.11. Attackers are able to steal developer's code because the origin > of requests is not checked by the WebSocket server, which is used for > HMR (Hot Module Replacement). Anyone can receive the HMR message sent by > the WebSocket server via a ws:https://127.0.0.1:8080/ connection from any > origin. Warning! This is based off the WS-2019-0100 branch since both change things in package.json. That change was lower risk so I based these changes off of it. I am having problems with some parts of the app so I am not entirely confident these changes don't break anything. I will work with someone to either help fix my dev environment or test on their machine.
- Loading branch information