webpack-dev-server users' source code may be stolen when they access a malicious web site

Description

Source code may be stolen when you access a malicious web site.

Recommendation

Update the webpack-dev-server package to the latest compatible version. Followings are version details:

• Affected version(s): <= 5.2.0
• Patched version(s): 5.2.1

References

• GHSA-4v9v-hfq4-rm2v
• CVE-2025-30359
• CWE-749
• CAPEC-310
• OWASP 2021-A6

Related Issues

• webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browse - CVE-2025-30360
• Opening a malicious website while running a Nuxt dev server could allow read-only access to code (GHSA-4gf7-ff8x-hq99) - CVE-2025-24361
• Opening a malicious website while running a Nuxt dev server could allow read-only access to code - CVE-2025-24361
• Opening a malicious website while running a Nuxt dev server could allow read-only access to code (GHSA-2452-6xj8-jh47) - CVE-2025-24360

Tags:

npm

webpack-dev-server