CNNVD-202509-2675 Information
CNNVD ID
CNNVD-202509-2675
Related CVE
- CNNVD Published: 2025-09-17
Description (Chinese)
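parcel is an open-source zero-configuration build tool for the web from Parcel. parcel 2.0.0-alpha and earlier versions contain a security vulnerability caused by an origin validation error: a malicious website can send XMLHTTPRequests to the development server and read the responses, which may lead to source code disclosure.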
Description (English)
Parcel is an open-source, zero-configuration build tool for the web. Parcel 2.0.0-alpha and earlier versions have a security vulnerability that stems from an origin validation error: a malicious website can send XMLHttpRequests to the development server and read the responses, which could lead to disclosure of source code.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
PassBox
Published
2025-09-17
Last Modified
2026-02-24
References
https://gist.github.com/R4356th/41f468def606b2406e36f7193f5322b8
https://github.com/parcel-bundler/parcel/issues/10216
https://github.com/parcel-bundler/parcel/discussions/10089
https://access.redhat.com/security/cve/cve-2025-56648
Patch
https://github.com/parcel-bundler/parcel/releases