Veracode Vulnerability Database, VERACODE:39778
Mar 15, 2023 - 2:27 a.m.

Sensitive Information Disclosure

2023-03-15 02:27:09
sca.analysiscenter.veracode.com
sensitive information disclosure
webpack
vulnerability
importparserplugin.js
cross-realm
object access
magic comment
attacker control

EPSS: 0.002 (Low), percentile 64.8%

webpack is vulnerable to Sensitive Information Disclosure. The vulnerability exists because ImportParserPlugin.js does not restrict cross-realm object access and mishandles the magic comment feature, allowing an attacker who controls a property of an untrusted object to obtain access to the real global object.

References