Homepage

Origin Validation Error The advisory has been revoked - it doesn't affect any version of package pcs  (opens in a new tab)

Threat Intelligence

EPSS
0.02% (4th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS10-PCS-10302047
  • published4 Jun 2025
  • disclosed3 Jun 2025
Report a new vulnerability Found a mistake?

Introduced: 3 Jun 2025

CVE-2025-30360  (opens in a new tab)
CWE-346  (opens in a new tab)

Amendment

The Centos security team deemed this advisory irrelevant for Centos:10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream pcs package and not the pcs package as distributed by Centos.

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The Origin header is checked to prevent Cross-site WebSocket hijacking from happening, which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address Origin headers. This allows websites that are served on IP addresses to connect WebSocket. An attacker can obtain source code via a method similar to that used to exploit CVE-2018-14732. Version 5.2.1 contains a patch for the issue.