CVE-2018-14731

🗓️ 21 Sep 2018 17:05:29Reported by mitreType

An issue in HMRServer.js in Parcel parcel-bundler allows attackers to steal developer's code by bypassing WebSocket server origin checks for HMR messages

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2018-14731	21 Sep 201817:00	–	cvelist
OSV	Missing Origin Validation in parcel-bundler	30 Oct 201820:36	–	osv
Veracode	Information Disclosure	24 Sep 201806:51	–	veracode
Node.js	Missing Origin Validation	2 Nov 201803:41	–	nodejs
Prion	Code injection	21 Sep 201817:29	–	prion
NVD	CVE-2018-14731	21 Sep 201817:29	–	nvd
Github Security Blog	Missing Origin Validation in parcel-bundler	30 Oct 201820:36	–	github

Nvd

Node

parceljs parcelMatch-

Source	Link
github	www.github.com/parcel-bundler/parcel/pull/1794
blog	www.blog.cal1.cn/post/Sniffing%20Codes%20in%20Hot%20Module%20Reloading%20Messages
github	www.github.com/parcel-bundler/parcel/issues/1783

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Sep 2018 17:29Current

7.5High risk

Vulners AI Score7.5

CVSS25

CVSS37.5

EPSS0.00376

CWE-200