Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/webpack-dev-server@1.16.0

Type npm

Namespace

Name webpack-dev-server

Version 1.16.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.1.6

Latest_non_vulnerable_version 5.2.4

Affected_by_vulnerabilities

url VCID-75e2-9wkm-m3e8

vulnerability_id VCID-75e2-9wkm-m3e8

summary

Improper Input Validation
An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14732

reference_id

reference_type

scores

value	0.00177
scoring_system	epss
scoring_elements	0.3896
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14732

reference_url

https://github.com/webpack/webpack-dev-server

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/webpack/webpack-dev-server

reference_url

https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md#3111-2018-12-21

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md#3111-2018-12-21

reference_url

https://github.com/webpack/webpack-dev-server/commit/f18e5adf123221a1015be63e1ca2491ca45b8d10

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/webpack/webpack-dev-server/commit/f18e5adf123221a1015be63e1ca2491ca45b8d10

reference_url

https://github.com/webpack/webpack-dev-server/issues/1445

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/webpack/webpack-dev-server/issues/1445

reference_url

https://github.com/webpack/webpack-dev-server/issues/1620

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/webpack/webpack-dev-server/issues/1620

reference_url

https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.11

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

url

https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.11

reference_url

https://www.npmjs.com/advisories/725

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/725

reference_url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/485.json

reference_id

485

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/485.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14732

reference_id

CVE-2018-14732

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14732

fixed_packages

url	pkg:npm/webpack-dev-server@3.1.6
purl	pkg:npm/webpack-dev-server@3.1.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/webpack-dev-server@3.1.6

url	pkg:npm/webpack-dev-server@3.1.11
purl	pkg:npm/webpack-dev-server@3.1.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/webpack-dev-server@3.1.11

aliases CVE-2018-14732, GHSA-cf66-xwfp-gvc4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-75e2-9wkm-m3e8

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/webpack-dev-server@1.16.0

Package Instance