Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2023-03-23T05:00:01.220Z
Updated: 2024-08-02T11:39:06.583Z
Reserved: 2023-02-20T10:28:48.922Z
Link: CVE-2023-26114
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-03-23T05:15:16.927
Modified: 2024-11-21T07:50:48.217
Link: CVE-2023-26114
Redhat
No data.