VYPR

npm package

parcel-bundler

pkg:npm/parcel-bundler

Vulnerabilities (1)

  • CVE-2018-14731HigSep 21, 2018
    affected < 1.10.0fixed 1.10.0

    An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the Web