PRION:CVE-2023-28154
Mar 13, 2023 - 1:15 a.m.

Design/Logic Flaw

2023-03-13 01:15:00
PRIOn knowledge base
www.prio-n.com
Tags: webpack, cross-realm, object access, vulnerability, importparserplugin, magic comment, nvd

AI Score: 9.2 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 64.8%)

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

CPE Name    Operator    Version
webpack     ge          5.0.0
webpack     lt          5.76.0