Vulnerabilities > Coder

DATE CVE VULNERABILITY TITLE RISK
2023-03-23 CVE-2023-26114 Origin Validation Error vulnerability in Coder Code-Server
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes.
network
low complexity
coder CWE-346
critical
9.3
2022-05-11 CVE-2021-42648 Cross-site Scripting vulnerability in Coder Code-Server
Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL.
network
low complexity
coder CWE-79
6.1
2021-09-17 CVE-2021-3810 Unspecified vulnerability in Coder Code-Server
code-server is vulnerable to Inefficient Regular Expression Complexity
network
low complexity
coder
7.5