chrome-devtools-frontend 1.0.703015 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the chrome-devtools-frontend package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Neutralization chrome-devtools-frontend is a Chrome DevTools UI Affected versions of this package are vulnerable to Improper Neutralization due to insufficient sanitization of special whitespace characters in the `escapeStringWin` function. An attacker can execute arbitrary code by crafting malicious input containing special whitespace characters (e.g., tabs, vertical tabs) that are treated as delimiters by the Windows command prompt. Note: Successful exploitation requires the user to copy and run the contents of the "Copy as cURL" output, which results in command injection. How to fix Improper Neutralization? Upgrade `chrome-devtools-frontend` to version 1.0.1510180 or higher.	<1.0.1510180
L Access Control Bypass chrome-devtools-frontend is a Chrome DevTools UI Affected versions of this package are vulnerable to Access Control Bypass due to insufficient Content Security Policy enforcement in the `Network.loadNetworkResource` method of the DevTools protocol network handler. An attacker can exfiltrate cross-origin data by sending source map requests through DevTools that bypass connect-src CSP checks. How to fix Access Control Bypass? Upgrade `chrome-devtools-frontend` to version 1.0.1510180 or higher.	<1.0.1510180

Vulnerability

Vulnerable Version

Improper Neutralization

chrome-devtools-frontend is a Chrome DevTools UI

Affected versions of this package are vulnerable to Improper Neutralization due to insufficient sanitization of special whitespace characters in the escapeStringWin function. An attacker can execute arbitrary code by crafting malicious input containing special whitespace characters (e.g., tabs, vertical tabs) that are treated as delimiters by the Windows command prompt.

Note: Successful exploitation requires the user to copy and run the contents of the "Copy as cURL" output, which results in command injection.

How to fix Improper Neutralization?

Upgrade chrome-devtools-frontend to version 1.0.1510180 or higher.

<1.0.1510180

Access Control Bypass

chrome-devtools-frontend is a Chrome DevTools UI

Affected versions of this package are vulnerable to Access Control Bypass due to insufficient Content Security Policy enforcement in the Network.loadNetworkResource method of the DevTools protocol network handler. An attacker can exfiltrate cross-origin data by sending source map requests through DevTools that bypass connect-src CSP checks.

How to fix Access Control Bypass?

Upgrade chrome-devtools-frontend to version 1.0.1510180 or higher.

<1.0.1510180

chrome-devtools-frontend@1.0.703015 vulnerabilities

Chrome DevTools UI

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically