Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:LCoder Code Server
APPCoder< 4.10.1
Related vulnerabilities
code-server is vulnerable to Inefficient Regular Expression Complexity
Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execut...
The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip S...
Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7...
Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 thro...