Name of the Vulnerable Software and Affected Versions: esbuild (affected versions not specified)

Description: The issue allows any website to send requests to the development server and read the response due to default CORS settings. This is because esbuild sets the Access-Control-Allow-Origin: * header to all requests, including the SSE connection. An attacker can exploit this by serving a malicious web page, which sends a request to the development server, allowing them to access sensitive information such as compiled content or source maps if the source map option is enabled.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.