EUVD-2018-0484

Malware in sbrugna...

CVE-2018-14731

An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR Hot Module Replacement. Anyone can receive the HMR message sent by the WebSocket server via a...

Code injection

An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR Hot Module Replacement. Anyone can receive the HMR message sent by the WebSocket server via a...

CVE-2018-14731

An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR Hot Module Replacement. Anyone can receive the HMR message sent by the WebSocket server via a...

CVE-2018-14731

The provided connected advisory for parcel-bundler identifies a concrete defect: versions before 1.10.0 of parcel-bundler’s WebSocket server lack origin validation for HMR, allowing a remote attacker to steal a developer’s source code via ws:// connections. This is caused by missing validation of...