Critical Vulnerability Information

Vulnerability Overview

- Vulnerability Name: Source code may be stolen when you access a malicious web site
- CVE ID: CVE-2023-30359
- Severity: Medium (5.3/10)
- Affected Versions: =5.2.1

Vulnerability Details

Description: Source code may be stolen when accessing a malicious website.

Cause: Since classic script requests are not restricted by the same-origin policy, attackers can inject into their site and execute the script. Combined with prototype pollution, attackers can obtain references to webpack runtime variables and retrieve source code using the method.

Impact

CVSS v3 Base Metrics:

- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None

Exploitation Method (PoC)

1. Download and extract
2. Run
3. Run
4. Open
5. View source code output in the document and console

Technical Details

Exploits prototype pollution to attack and extract the reference. Uses the method to retrieve source code.

Scope of Impact

This vulnerability may lead to source code theft for users who use predictable ports and output paths.
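
The cause described above turns on classic script requests being exempt from the same-origin policy. As an added example (not code from this advisory or from the affected project), the sketch below shows a server-side filter that uses the browser's Fetch Metadata request headers to refuse such cross-origin script loads; the function names, the trusted-origin allow-list and the sample hosts are assumptions.

```javascript
// Added example, not the affected project's code: decide whether a local
// dev server should answer a request for a script bundle.
const TRUSTED_ORIGINS = new Set(["http://localhost:3000"]); // assumed allow-list

// Lower-case header names so lookups are case-insensitive.
function normalize(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value);
  }
  return out;
}

// Returns true when the request may receive the bundle.
function shouldServeScript(rawHeaders) {
  const h = normalize(rawHeaders);
  const site = h["sec-fetch-site"];
  if (site !== undefined) {
    // Same-origin loads and direct navigations are allowed.
    if (site === "same-origin" || site === "none") return true;
    // A classic <script src> from another origin arrives in no-cors mode and
    // its response is not protected by the same-origin policy: refuse it.
    // Cross-origin loads are accepted only in cors mode from a trusted origin.
    return h["sec-fetch-mode"] === "cors" && TRUSTED_ORIGINS.has(h["origin"]);
  }
  // No Fetch Metadata (older browser or non-browser client): compare the
  // Referer's host with the Host header when a Referer is present.
  if (h["referer"] !== undefined) {
    try {
      return new URL(h["referer"]).host === h["host"];
    } catch {
      return false; // unparseable Referer
    }
  }
  return true; // assumption: header-less clients such as curl are allowed
}

// Constructed sample requests; hosts and ports are made up.
const samples = {
  ownPage: { Host: "localhost:8080", "Sec-Fetch-Site": "same-origin", "Sec-Fetch-Mode": "no-cors" },
  foreignClassicScript: { Host: "localhost:8080", "Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "no-cors" },
  trustedCors: { Host: "localhost:8080", "Sec-Fetch-Site": "same-site", "Sec-Fetch-Mode": "cors", Origin: "http://localhost:3000" },
  legacyForeign: { Host: "localhost:8080", Referer: "https://other.example/page" },
};
for (const [name, headers] of Object.entries(samples)) {
  console.log(name, shouldServeScript(headers) ? "serve" : "refuse");
}
```

A request accepted on the cors branch still needs a matching `Access-Control-Allow-Origin` response header for that one origin, never a wildcard.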