exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 6

CVE-2023-28154

больше 2 лет назад

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

CVSS3: 9.8

EPSS: Низкий

CVE-2023-28154

больше 2 лет назад

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

CVSS3: 9.1

EPSS: Низкий

CVE-2023-28154

больше 2 лет назад

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

CVSS3: 9.8

EPSS: Низкий

CVE-2023-28154

больше 2 лет назад

Webpack 5 before 5.76.0 does not avoid cross-realm object access. Impo ...

CVSS3: 9.8

EPSS: Низкий

GHSA-hc6q-2mpp-qw7j

больше 2 лет назад

Cross-realm object access in Webpack 5

CVSS3: 9.8

EPSS: Низкий

ELSA-2023-12235

больше 2 лет назад

ELSA-2023-12235: pcs security update (IMPORTANT)

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2023-28154 Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.	CVSS3: 9.8	1% Низкий	больше 2 лет назад
CVE-2023-28154 Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.	CVSS3: 9.1	1% Низкий	больше 2 лет назад
CVE-2023-28154 Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.	CVSS3: 9.8	1% Низкий	больше 2 лет назад
CVE-2023-28154 Webpack 5 before 5.76.0 does not avoid cross-realm object access. Impo ...	CVSS3: 9.8	1% Низкий	больше 2 лет назад
GHSA-hc6q-2mpp-qw7j Cross-realm object access in Webpack 5	CVSS3: 9.8	1% Низкий	больше 2 лет назад
ELSA-2023-12235 ELSA-2023-12235: pcs security update (IMPORTANT)			больше 2 лет назад

Уязвимостей на страницу