Linux Distros Unpatched Vulnerability : CVE-2025-68157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack's HTTPS resolver HttpUriPlugin enforces...

CVE-2025-68458

Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo username:password@host. If allowedUris...

CVE-2025-68157

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...

CVE-2025-68157

Webpack vulnerability CVE-2025-68157 affects the HttpUriPlugin when experiments.buildHttp is enabled. From 5.49.0 through versions before 5.104.0, allowedUris are validated only for the initial URL; redirects (HTTP 30x) are not re-validated, allowing an import restricted to a trusted allow-list t...