[GHSA-9jgg-88mc-972h] webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser

[ivantsepp]

Updates

• Description

Comments
I don't have any changes to the advisory content itself but I would like to be added to the credits. I submitted https://github.com/webpack/webpack-dev-server/security/advisories/GHSA-q67c-98m9-26hf which details the same exact vulnerability that is described in this advisory. The maintainer did not fully understand the vulnerability and did not respond to my comments when I tried to clarify.

I hope sapphi-red is willing to share credits. In fact, I also submitted a vulnerability of the same type (CSWH) at GHSA-vg6x-rcgg-rjx6 which sapphi-red is the maintainer who prompted accepted my report and worked on a fix.

[github]

Hi there @alexander-akait! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

[ivantsepp]

tagging in @sapphi-red as well! Sorry to bother, but wanted to ask if you were willing to share credits (I also don't mind being listed as a Finder or Other - just wanted to get some recognition)

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[helixplant]

Hi @ivantsepp,
For matters regarding attribution and crediting, please contact the creator of the advisory and to ask for the advisory to be edited to include your credit. The creator of the advisory can credit you, and the global advisory will automatically update to reflect credits on the repository security advisory.