Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-28154HistoryMar 13, 2023 - 1:15 a.m.
CVE-2023-28154
2023-03-1301:15:10
Debian Security Bug Tracker
security-tracker.debian.org
11
webpack
cross-realm
object access
security vulnerability
magic comment
cve-2023-28154
importparserplugin.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
61.2%
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | node-webpack | < 5.75.0+dfsg+~cs17.16.14-1+deb12u1 | node-webpack_5.75.0+dfsg+~cs17.16.14-1+deb12u1_all.deb |
| Debian | 11 | all | node-webpack | < 4.43.0-6+deb11u1 | node-webpack_4.43.0-6+deb11u1_all.deb |
| Debian | 10 | all | node-webpack | < 3.5.6-3.1 | node-webpack_3.5.6-3.1_all.deb |
| Debian | 999 | all | node-webpack | < 5.76.1+dfsg1+~cs17.16.16-1 | node-webpack_5.76.1+dfsg1+~cs17.16.16-1_all.deb |
| Debian | 13 | all | node-webpack | < 5.76.1+dfsg1+~cs17.16.16-1 | node-webpack_5.76.1+dfsg1+~cs17.16.16-1_all.deb |
Related
nessus
nessus
Fedora 38 : pcs (2023-4d546e6b4b)
2023-04-24 00:00:00
Fedora 36 : pcs (2023-5993ffa09a)
2023-04-24 00:00:00
Rocky Linux 9 : pcs (RLSA-2023:1591)
2023-04-06 00:00:00
oraclelinux
oraclelinux
pcs security update
2023-04-05 00:00:00
openvas
openvas
Fedora: Security Advisory for pcs (FEDORA-2023-cb2e422088)
2023-04-23 00:00:00
Fedora: Security Advisory for pcs (FEDORA-2023-4d546e6b4b)
2023-04-23 00:00:00
Fedora: Security Advisory for pcs (FEDORA-2023-5993ffa09a)
2023-04-23 00:00:00
rocky
rocky
pcs security update
2023-04-06 15:23:56
pcs security and bug fix update
2023-05-25 19:53:02
redhatcve
redhatcve
CVE-2023-28154
2023-03-17 05:43:44
CVE-2023-2319
2023-05-05 09:21:24
ibm
ibm
fedora
fedora
[SECURITY] Fedora 38 Update: pcs-0.11.5-2.fc38
2023-04-22 00:49:16
[SECURITY] Fedora 37 Update: pcs-0.11.5-2.fc37
2023-04-22 00:55:59
[SECURITY] Fedora 36 Update: pcs-0.11.5-2.fc36
2023-04-22 01:12:33
cve
cve
CVE-2023-28154
2023-03-13 01:15:10
CVE-2023-2319
2023-05-17 23:15:09
veracode
veracode
Sensitive Information Disclosure
2023-03-15 02:27:09
ubuntucve
ubuntucve
CVE-2023-28154
2023-03-13 00:00:00
prion
prion
Design/Logic Flaw
2023-03-13 01:15:00
Code injection
2023-05-17 23:15:00
cvelist
cvelist
CVE-2023-28154
2023-03-13 00:00:00
CVE-2023-2319
2023-05-17 00:00:00
osv
osv
Important: pcs security update
2023-04-06 15:23:56
Important: pcs security update
2023-04-04 00:00:00
Cross-realm object access in Webpack 5
2023-03-13 03:30:15
nvd
nvd
CVE-2023-28154
2023-03-13 01:15:10
CVE-2023-2319
2023-05-17 23:15:09
redhat
redhat
(RHSA-2023:1591) Important: pcs security update
2023-04-04 09:13:23
(RHSA-2023:2652) Important: pcs security and bug fix update
2023-05-09 11:25:07
github
github
Cross-realm object access in Webpack 5
2023-03-13 03:30:15
almalinux
almalinux
Important: pcs security update
2023-04-04 00:00:00
Important: pcs security and bug fix update
2023-05-09 00:00:00
wordfence
wordfence
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
61.2%
Related for DEBIANCVE:CVE-2023-28154