Version Details and Security Vulnerabilities

📦

@parcel/reporter-dev-server

2.9.2

Comparision Betweeen 2.9.2 and 2.9.1

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

Unpacked Size

2.13 MB

Security Vulnerabilities

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

Version Details and Security Vulnerabilities

📦

@parcel/reporter-dev-server

2.9.2

Comparision Betweeen 2.9.2 and 2.9.1

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

Unpacked Size

2.13 MB

Security Vulnerabilities

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 2.9.2 of the package @parcel/reporter-dev-server.

All Security Vulnerabilities

All the vulnerabilities related to the version 2.9.2 of the package

Summary:

Parcel has an Origin Validation Error vulnerability

Details:

npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them.

Details about @parcel/reporter-dev-server@2.9.2

Summary:

msgpackr's conversion of property names to strings can trigger infinite recursion

Details:

Impact

When decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop.

Patches

The fix is available in v1.10.1

Workarounds

Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.

References

Details about msgpackr@1.8.5

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 2.9.2 of the package @parcel/reporter-dev-server.

All Security Vulnerabilities

All the vulnerabilities related to the version 2.9.2 of the package

Summary:

Parcel has an Origin Validation Error vulnerability

Details:

Details about @parcel/reporter-dev-server@2.9.2

Summary:

msgpackr's conversion of property names to strings can trigger infinite recursion

Details:

Impact

When decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop.

Patches

The fix is available in v1.10.1

Workarounds

Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.

References

Details about msgpackr@1.8.5

Version Details and Security Vulnerabilities

@parcel/reporter-dev-server

Comparision Betweeen 2.9.2 and 2.9.1

Security Vulnerabilities

Version Details and Security Vulnerabilities

@parcel/reporter-dev-server

Comparision Betweeen 2.9.2 and 2.9.1

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Impact

Patches

Workarounds

References

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Impact

Patches

Workarounds

References

Version Details and Security Vulnerabilities

@parcel/reporter-dev-server

Comparision Betweeen 2.9.2 and 2.9.1

Security Vulnerabilities

Version Details and Security Vulnerabilities

@parcel/reporter-dev-server

Comparision Betweeen 2.9.2 and 2.9.1

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

@parcel/reporter-dev-server@2.9.2 GHSA-qm9p-f9j5-w83w 6.5

msgpackr@1.8.5 GHSA-7hpj-7hhx-2fgx 8.6

Impact

Patches

Workarounds

References

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

@parcel/reporter-dev-server@2.9.2 GHSA-qm9p-f9j5-w83w 6.5

msgpackr@1.8.5 GHSA-7hpj-7hhx-2fgx 8.6

Impact

Patches

Workarounds

References