Filtered by vendor Webpack.js
Subscriptions
Filtered by product Webpack
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28154 | 1 Webpack.js | 1 Webpack | 2023-11-07 | 9.8 Critical |
| Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. | ||||
Page 1 of 1.