Site icon API Security Blog

Cross-site WebSocket Hijacking

Victor Test

image
webpack-dev-server is vulnerable to Cross-site WebSocket hijacking. The vulnerability is due to improper Origin header validation, which permits IP address origins, allows attackers to hijack WebSocket connections and steal source code via malicious…Read More

Exit mobile version