Lucene search
Ubuntu.comUB:CVE-2023-28154HistoryMar 13, 2023 - 12:00 a.m.
CVE-2023-28154
2023-03-1300:00:00
ubuntu.com
ubuntu.com
51
webpack
vulnerability
cross-realm object access
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
64.8%
Webpack 5 before 5.76.0 does not avoid cross-realm object access.
ImportParserPlugin.js mishandles the magic comment feature. An attacker who
controls a property of an untrusted object can obtain access to the real
global object.
Bugs
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | node-webpack | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | node-webpack | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | node-webpack | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | node-webpack | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | node-webpack | < any | UNKNOWN |
Related
nessus
nessus
Rocky Linux 9 : pcs (RLSA-2023:1591)
2023-04-06 00:00:00
Oracle Linux 9 : pcs (ELSA-2023-12235)
2023-04-06 00:00:00
Fedora 38 : pcs (2023-4d546e6b4b)
2023-04-24 00:00:00
ibm
ibm
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to Webpack (CVE-2023-28154)
2023-04-11 12:52:52
osv
osv
Important: pcs security update
2023-04-06 15:23:56
Cross-realm object access in Webpack 5
2023-03-13 03:30:15
Important: pcs security update
2023-04-04 00:00:00
cvelist
cvelist
CVE-2023-28154
2023-03-13 00:00:00
CVE-2023-2319
2023-05-17 00:00:00
veracode
veracode
Sensitive Information Disclosure
2023-03-15 02:27:09
fedora
fedora
[SECURITY] Fedora 38 Update: pcs-0.11.5-2.fc38
2023-04-22 00:49:16
[SECURITY] Fedora 37 Update: pcs-0.11.5-2.fc37
2023-04-22 00:55:59
[SECURITY] Fedora 36 Update: pcs-0.11.5-2.fc36
2023-04-22 01:12:33
prion
prion
Design/Logic Flaw
2023-03-13 01:15:00
Code injection
2023-05-17 23:15:00
openvas
openvas
Fedora: Security Advisory for pcs (FEDORA-2023-4d546e6b4b)
2023-04-23 00:00:00
Fedora: Security Advisory for pcs (FEDORA-2023-5993ffa09a)
2023-04-23 00:00:00
Fedora: Security Advisory for pcs (FEDORA-2023-cb2e422088)
2023-04-23 00:00:00
cve
cve
CVE-2023-28154
2023-03-13 01:15:10
CVE-2023-2319
2023-05-17 23:15:09
debiancve
debiancve
CVE-2023-28154
2023-03-13 01:15:10
nvd
nvd
CVE-2023-28154
2023-03-13 01:15:10
CVE-2023-2319
2023-05-17 23:15:09
redhatcve
redhatcve
CVE-2023-28154
2023-03-17 05:43:44
CVE-2023-2319
2023-05-05 09:21:24
oraclelinux
oraclelinux
pcs security update
2023-04-05 00:00:00
rocky
rocky
pcs security update
2023-04-06 15:23:56
pcs security and bug fix update
2023-05-25 19:53:02
github
github
Cross-realm object access in Webpack 5
2023-03-13 03:30:15
redhat
redhat
(RHSA-2023:1591) Important: pcs security update
2023-04-04 09:13:23
(RHSA-2023:2652) Important: pcs security and bug fix update
2023-05-09 11:25:07
almalinux
almalinux
Important: pcs security update
2023-04-04 00:00:00
Important: pcs security and bug fix update
2023-05-09 00:00:00
wordfence
wordfence
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
64.8%
Related for UB:CVE-2023-28154