Product
DevSpace's UI server WebSocket accepts connections from any origin, enabling attackers to access pod logs, interactive shells, and execute commands via cross-origin WebSocket connections; versions up to 6.3.20 are affected, patched in 6.3.21.