browserify-hmr@0.2.1 vulnerabilities

Hot Module Replacement plugin for Browserify

Direct Vulnerabilities

Known vulnerabilities in the browserify-hmr package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Access Restriction Bypass (severity: H)

browserify-hmr is an implementation of Webpack's Hot Module Replacement API as a plugin for Browserify.

Affected versions of this package are vulnerable to Access Restriction Bypass. The origin of requests was not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone could receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:3123/ connection from any origin.
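The kind of check the description says was missing, as an added example (not browserify-hmr's code or its actual patch): validate the `Origin` header during the WebSocket handshake and refuse the upgrade unless it matches an allowlist. The allowed origins on port 8080 and all function names are assumptions for illustration.

```javascript
// Added example; ALLOWED_ORIGINS and the function names are hypothetical,
// not part of browserify-hmr. Assumes the dev page is served from port 8080.
const ALLOWED_ORIGINS = new Set(['http://localhost:8080', 'http://127.0.0.1:8080']);

// Reduce an Origin header to scheme://host[:port]; return null if it is unusable.
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value === '' || value === 'null') return null;
  let u;
  try { u = new URL(value); } catch { return null; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  // A real Origin header has no path, query, fragment or userinfo.
  if (u.pathname !== '/' || u.search || u.hash || u.username || u.password) return null;
  return u.origin; // scheme and host are lower-cased by the URL parser
}

// Exact-match comparison: substring or prefix matching would let
// look-alike hosts such as localhost.attacker.example through.
function isAllowedOrigin(headers, allowed = ALLOWED_ORIGINS) {
  const origin = normalizeOrigin(headers.origin);
  return origin !== null && allowed.has(origin);
}

// Wire the check into an http.Server 'upgrade' event. onAccept is whatever
// completes the WebSocket handshake (for example a WebSocket library's handler).
function guardUpgrade(server, onAccept, allowed = ALLOWED_ORIGINS) {
  server.on('upgrade', (req, socket, head) => {
    if (!isAllowedOrigin(req.headers, allowed)) {
      // Refuse before the socket is upgraded, so no HMR message is ever sent.
      socket.end('HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n');
      return;
    }
    onAccept(req, socket, head);
  });
}
```

Browsers always set `Origin` on WebSocket handshakes, so this stops pages on other sites from reading HMR messages; a non-browser client can send any `Origin` it likes, so binding the server to the loopback interface still matters.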

How to fix Access Restriction Bypass?

Upgrade browserify-hmr to version 0.4.0 or higher.

Vulnerable versions: <0.4.0