github.com/loft-sh_devspace vulnerabilities
2 known vulnerabilities affecting github.com/loft-sh_devspace.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2020-15391 | P2 | CRITICAL | ≥ 0, < 4.14.0 | 2022-05-24
CVE-2020-15391 [CRITICAL] CWE-287 DevSpace vulnerable to remote code execution
The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. This leads to remote code execution.
ghsa, osv
CVE-2026-42283 | P3 | HIGH | ≥ 6.3.20, < 6.3.21 | 2026-05-06
CVE-2026-42283 [HIGH] CWE-200 DevSpace UI Server WebSocket CheckOrigin does not validate source
### Description
DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use their browser to establish a cross-orig
ghsa