11 matches found
Webpack Security Vulnerability
Webpack is a module bundler. Its primary purpose is to bundle JavaScript files for use in the browser, but it is also capable of transforming, bundling, or packaging almost any resource or asset. A security vulnerability exists in Webpack that stems from a vulnerability that could allow a remote...
Fedora 37 : pcs (2023-cb2e422088)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-cb2e422088 advisory. - Fix displaying differences between configuration checkpoints in pcs config checkpoint diff command - Fix pcs stonith update-scsi-devices command which was...
Fedora 36 : pcs (2023-5993ffa09a)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-5993ffa09a advisory. - Fix displaying differences between configuration checkpoints in pcs config checkpoint diff command - Fix pcs stonith update-scsi-devices command which was...
Rocky Linux 9 : pcs (RLSA-2023:1591)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:1591 advisory. - Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a proper...
AlmaLinux 9 : pcs (ALSA-2023:1591)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:1591 advisory. - Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property...
RHEL 9 : pcs (RHSA-2023:1591)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1591 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: webpack: avoid cross-realm...
CVE-2023-28154
A flaw was found in the webpack package, which could allow a remote attacker to bypass security restrictions caused by the mishandling of the magic comment feature by the ImportParserPlugin.js. This flaw allows an attacker to gain access to the real global object by sending a specially-crafted...
Sensitive Information Disclosure
webpack is vulnerable to Sensitive Information Disclosure. The vulnerability exists because ImportParserPlugin.js does not restrict cross-realm object access and mishandles the magic comment feature, allowing an attacker who controls a property of an untrusted object to obtain access to the real...
Cross-realm object access in Webpack 5
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...
GHSA-HC6Q-2MPP-QW7J Cross-realm object access in Webpack 5
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...
CVE-2023-28154
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...