Filtered by vendor Webpack.js
Subscriptions
Filtered by product Webpack
Subscriptions
Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-28154 | 1 Webpack.js | 1 Webpack | 2023-11-07 | 9.8 Critical |
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. |
Page 1 of 1.