4 matches found
CVE-2025-68458 vulnerabilities
Vulnerabilities for packages: librechat, gitlab-rails-ce-fips, drupal, langfuse, langfuse-fips, gitlab-rails-ce...
Linux Distros Unpatched Vulnerability : CVE-2025-68458
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack's HTTPS resolver HttpUriPlugin can be bypasse...
CVE-2025-68458 webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior
Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo username:password@host. If allowedUris...
CVE-2025-68458
creationtimestamp| type| source ---|---|--- 2026-02-05 17:34:57+00:00| published-proof-of-concept| https://github.com/webpack/webpack/security/advisories/GHSA-8fgc-7cc6-rx7x...