Origin Validation Error
Versions of the package code-server prior to 4.10.1-rc.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.
CWE-346 - Origin Validation Error
The software does not properly verify that the source of data or communication is valid.