Lucene search

K
cvelistMitreCVELIST:CVE-2023-28154
HistoryMar 13, 2023 - 12:00 a.m.

CVE-2023-28154

2023-03-1300:00:00
mitre
www.cve.org
webpack security issue
cross-realm object access
importparserplugin.js vulnerability
magic comment feature
global object access

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.2%

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.