Описание
Parcel has an Origin Validation Error vulnerability
parcel versions 1.6.1 and above have an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-56648
- https://github.com/parcel-bundler/parcel/issues/10216
- https://github.com/parcel-bundler/parcel/pull/10138
- https://github.com/parcel-bundler/parcel/commit/4bc56e3242a85491c7edf589966e9b44c6330c49
- https://gist.github.com/R4356th/41f468def606b2406e36f7193f5322b8
- https://github.com/parcel-bundler/parcel/discussions/10089
Пакеты
@parcel/reporter-dev-server
>= 1.6.1, <= 2.16.3
Отсутствует
Связанные уязвимости
npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them.
npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them.