rpm package
opensuse/cockpit-agama&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/cockpit-agama&distro=openSUSE%20Tumbleweed
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28154 | — | < 2.1+0-1.1 | 2.1+0-1.1 | Mar 13, 2023 | Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. |
- CVE-2023-28154Mar 13, 2023affected < 2.1+0-1.1fixed 2.1+0-1.1
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.