Missing Origin Validationbrowserify-hmr
All versions of
browserify-hmr are missing origin validation on the websocket server.
This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.
As there is currently no fix for this module we recommend not using this module or using caution and understanding and accepting the risk posed by using this module for development.