Version Details and Security Vulnerabilities

📦

@parcel/config-default

2.9.2

Comparision Betweeen 2.9.2 and 2.9.1

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

Unpacked Size

8.87 KB

Security Vulnerabilities

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

Version Details and Security Vulnerabilities

📦

@parcel/config-default

2.9.2

Comparision Betweeen 2.9.2 and 2.9.1

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

Unpacked Size

8.87 KB

Security Vulnerabilities

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 2.9.2 of the package @parcel/config-default.

All Security Vulnerabilities

All the vulnerabilities related to the version 2.9.2 of the package

Summary:

msgpackr's conversion of property names to strings can trigger infinite recursion

Details:

Impact

When decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop.

Patches

The fix is available in v1.10.1

Workarounds

Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.

References

Details about msgpackr@1.8.5

Summary:

Parcel has an Origin Validation Error vulnerability

Details:

parcel versions 1.6.1 and above have an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them.

Details about @parcel/reporter-dev-server@2.9.2

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 2.9.2 of the package @parcel/config-default.

All Security Vulnerabilities

All the vulnerabilities related to the version 2.9.2 of the package

Summary:

msgpackr's conversion of property names to strings can trigger infinite recursion

Details:

Impact

When decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop.

Patches

The fix is available in v1.10.1

Workarounds

Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.

References

Details about msgpackr@1.8.5

Summary:

Parcel has an Origin Validation Error vulnerability

Details:

Details about @parcel/reporter-dev-server@2.9.2

Version Details and Security Vulnerabilities

@parcel/config-default

Comparision Betweeen 2.9.2 and 2.9.1

Security Vulnerabilities

Version Details and Security Vulnerabilities

@parcel/config-default

Comparision Betweeen 2.9.2 and 2.9.1

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Impact

Patches

Workarounds

References

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Impact

Patches

Workarounds

References

Version Details and Security Vulnerabilities

@parcel/config-default

Comparision Betweeen 2.9.2 and 2.9.1

Security Vulnerabilities

Version Details and Security Vulnerabilities

@parcel/config-default

Comparision Betweeen 2.9.2 and 2.9.1

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

msgpackr@1.8.5 GHSA-7hpj-7hhx-2fgx 8.6

Impact

Patches

Workarounds

References

@parcel/reporter-dev-server@2.9.2 GHSA-qm9p-f9j5-w83w 6.5

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

msgpackr@1.8.5 GHSA-7hpj-7hhx-2fgx 8.6

Impact

Patches

Workarounds

References

@parcel/reporter-dev-server@2.9.2 GHSA-qm9p-f9j5-w83w 6.5