webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browse
- Severity:
- Medium
Description
Source code may be stolen when you access a malicious web site with non-Chromium based browser.
Recommendation
Update the webpack-dev-server package to the latest compatible version. Followings are version details:
- Affected version(s): <= 5.2.0
- Patched version(s): 5.2.1
References
Related Issues
- Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability (GHSA-m5vv-6r4h-3vj9) - CVE-2024-35255
- webpack-dev-server users' source code may be stolen when they access a malicious web site - CVE-2025-30359
- @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtrac - CVE-2025-25290
- @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Back - CVE-2025-25288
- Tags:
- npm
- webpack-dev-server
Anything's wrong? Let us know Last updated on June 04, 2025