Fix potential security issue

Geocene / trainset

A lightweight web application for brushing labels onto time series data; useful for building training sets.

https://trainset.geocene.com/

MIT License

163 stars 36 forks source link

Fix potential security issue #25

Closed daterdots closed 4 years ago

daterdots commented 5 years ago

rushk014 commented 5 years ago

is this alert still there?

daterdots commented 5 years ago

Yeah:

CVE-2018-14732 More information low severity Vulnerable versions: < 3.1.11 Patched version: 3.1.11 An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.11. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin.

zekeshearer commented 4 years ago

Fixed in 9f232b6debce3eeb45f6ec7267a607dc24203812