Security
Headlines

Headlines Latest CVEs

Headline

GHSA-frjg-g767-7363: code-server vulnerable to Missing Origin Validation in WebSockets

Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.

1 year ago

#vulnerability #web #ios #git

code-server vulnerable to Missing Origin Validation in WebSockets

High severity GitHub Reviewed Published Mar 23, 2023 to the GitHub Advisory Database • Updated Mar 23, 2023

Related news

CVE-2023-26114: Release v4.10.1 · coder/code-server

Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.

1 year ago

#vulnerability #web #ios

ghsa: Latest News

GHSA-wc9m-r3v6-9p5h: Sparkle Signing Checks Bypass

9 hours ago

GHSA-w7wm-2425-7p2h: MarbleRun unauthenticated recovery allows Coordinator impersonation

9 hours ago

GHSA-mx2j-7cmv-353c: wasmvm: Malicious smart contract can slow down block production

11 hours ago

GHSA-23qp-3c2m-xx6w: wasmvm: Malicious smart contract can crash the chain

11 hours ago

GHSA-9crc-q9x8-hgqq: Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening

13 hours ago