AIKIDO-2025-10084
elm-watch is vulnerable to Cross-Site WebSocket Hijacking
21
Low
elm-watch JS
AIKIDO-2025-10084: elm-watch is vulnerable to Cross-Site WebSocket Hijacking in versions 1.2.0 - 1.2.0 and 1.0.0 - 1.1.3.
Cross-Site WebSocket Hijacking
Vuln in 1.0.0 - 1.1.3
Fixed in 1.1.4
Vuln in 1.2.0 - 1.2.0
Fixed in 1.2.2
No CVE available
TL;DR
Who does this affect?
How can it be fixed?
Background info
Open-source
Aikido Intel is available under AGPL license, developers may freely use, modify, and distribute the vulnerability & malware feed.
License the intel database
Want to integrate our threat intelligence into your product? Get access through our commercial API.
Get protected by Aikido- it's free.
Easily secure your software supply chain, and more. Secure your your code, cloud, and runtime with Aikido all-in-one platform.
Secure everything you build, host and run with Aikido
Β© 2024 Aikido Security BV | BE0792914919
πͺπΊ Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
πͺπΊ Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
πΊπΈ Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.