2 matches found
CVE-2018-14731
The provided connected advisory for parcel-bundler identifies a concrete defect: versions before 1.10.0 of parcel-bundler’s WebSocket server lack origin validation for HMR, allowing a remote attacker to steal a developer’s source code via ws:// connections. This is caused by missing validation of...
CVE-2025-56648
CVE-2025-56648 affects npm parcel 2.0.0-alpha and earlier, with an Origin Validation Error. The vulnerability allows a malicious site to send XMLHTTPRequests to the development server and read the response, potentially stealing source code when developers visit the site. The CVSSv3.1 base score i...