Webpack 5 before 5.76.0 does not... CVE-2023-28154

- AV AC AU C I A
发布: 2023-03-13
修订: 2025-02-27

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有1条受影响产品信息