VYPR

rpm package

opensuse/agama-web-ui&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/agama-web-ui&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

  • CVE-2026-9277HigMay 22, 2026
    affected < 21+360.16caae772-44.1fixed 21+360.16caae772-44.1

    shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which in JavaScript does not match line terminators (\n, \r, U+2028, U+2029). A line te

  • CVE-2026-6402MedMay 12, 2026
    affected < 21+360.16caae772-44.1fixed 21+360.16caae772-44.1

    webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetch-Site request headers, which browsers om

  • CVE-2023-28154Mar 13, 2023
    affected < 9+52-1.1fixed 9+52-1.1

    Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.