webpack-dev-server, Cross-origin source code exposure, CVE-2025-30359 (Moderate)

Listen to this Post

How the mentioned CVE works:

The vulnerability allows a malicious website to bypass cross-origin protections when webpack-dev-server runs on plain HTTP (non-HTTPS). In versions before 5.2.4, the server fails to block `

Scroll to Top