Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2023-03-23T05:00:01.220Z
Updated: 2023-03-23T05:00:01.220Z
Reserved: 2023-02-20T10:28:48.922Z
Link: CVE-2023-26114
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-23T05:15:16.927
Modified: 2023-11-07T04:09:22.310
Link: CVE-2023-26114
JSON object: View
Redhat Information
No data.