| CVE-2023-28154 |
high |
— |
8.0 |
|
|
|
3y ago |
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain acc… |
| CVE-2025-68458 |
unknown |
— |
— |
|
|
|
4mo ago |
Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts out… |
| CVE-2025-68157 |
unknown |
— |
— |
|
|
|
4mo ago |
Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, bu… |
| CVE-2024-43788 |
unknown |
— |
— |
|
|
|
2y ago |
Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. Th… |