Vulnerabilities (CVE)

Filtered by vendor Webpack.js Subscribe
Filtered by product Webpack
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28154 1 Webpack.js 1 Webpack 2023-12-10 N/A 9.8 CRITICAL
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.