6 matches found
MAL-2022-7054 Malicious code in wcebpack-bunde-analyzer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c7a4300818daab208570421a84bcdd8e7b4950dcae1e6a5dd08f17d9e135497 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-PGR8-JG6H-8GW6 Cross-Site Scripting in webpack-bundle-analyzer
Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify without properly escaping input which may lead to Cross-Site Scripting. Recommendation Upgrade to version 3.3.2 or later...
3d-box (>=0.0.3 <=0.0.7), @500tech/react-scripts (>=1.1.3 <=5.1.0-beta.4) +1069 more potentially affected by unknown CVE via webpack-bundle-analyzer (>=1.4.1 <=3.2.0)
webpack-bundle-analyzer NPM version =1.4.1, =0.0.3, =1.1.3, =1.0.0, =1.0.0, =0.9.0, =0.0.1-canary.49, =0.1.3, =1.0.0, =0.0.1, =1.0.1-0, =2.1.0, =2.1.2-4, =1.0.1-0, =2.3.0-beta.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-PGR8-JG6H-8GW6...
Cross-Site Scripting in webpack-bundle-analyzer
Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify without properly escaping input which may lead to Cross-Site Scripting. Recommendation Upgrade to version 3.3.2 or later...
Cross-Site Scripting
Overview Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify without properly escaping input which may lead to Cross-Site Scripting. Recommendation Upgrade to version 3.3.2 or later. References - GitHub PR - Snyk Report - GitH...
Node.js third-party modules: [webpack-bundle-analyzer] Cross-site Scripting
I would like to report Cross-site Scripting in webpack-bundle-analyzer. It allows injecting and executing arbitray JavaScript code. Module module name: webpack-bundle-analyzer version: 3.0.3 npm page: https://www.npmjs.com/package/webpack-bundle-analyzer Module Description Visualize size of webpa...