Security
Headlines

Headlines Latest CVEs

Headline

GHSA-frjg-g767-7363: code-server vulnerable to Missing Origin Validation in WebSockets

Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.

1 year ago

#vulnerability #web #ios #git

code-server vulnerable to Missing Origin Validation in WebSockets

High severity GitHub Reviewed Published Mar 23, 2023 to the GitHub Advisory Database • Updated Mar 23, 2023

Related news

CVE-2023-26114: Release v4.10.1 · coder/code-server

Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.

1 year ago

#vulnerability #web #ios

ghsa: Latest News

GHSA-f8x4-f32r-w556: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references

4 hours ago

GHSA-cx95-q6gx-w4qp: SAK-50571 Sakai Kernel users created with type roleview can login as a normal user

4 hours ago

GHSA-pf5v-pqfv-x8jj: OpenCanary Executes Commands From Potentially Writable Config File

21 hours ago

GHSA-qh8g-58pp-2wxh: Eclipse Jetty URI parsing of invalid authority

21 hours ago

GHSA-g8m5-722r-8whq: Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

21 hours ago