GHSA-37Q6-576Q-VGR7 Missing Origin Validation in parcel-bundler
Versions of parcel-bundler before 1.10.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement HMR are not validated...