webpack-dev-server users' source code may be stolen when they access a malicious web site

Description

Source code may be stolen when you access a malicious web site.

Recommendation

Update the webpack-dev-server package to the latest compatible version. Followings are version details:

• Affected version(s): <= 5.2.0
• Patched version(s): 5.2.1

References

• GHSA-4v9v-hfq4-rm2v
• CVE-2025-30359
• CWE-749
• CAPEC-310
• OWASP 2021-A6

Related Issues

• webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browse - CVE-2025-30360
• Opening a malicious website while running a Nuxt dev server could allow read-only access to code - @nuxt/webpack-builder - CVE-2025-24361
• webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins - CVE-2026-6402
• Opening a malicious website while running a Nuxt dev server could allow read-only access to code - CVE-2025-24361

You might also like:

Exploiting Server Version Disclosure

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

webpack-dev-server