rpm package
opensuse/cockpit-d-installer&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/cockpit-d-installer&distro=openSUSE%20Tumbleweed
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28154 | — | < 0.8.1~1-5.1 | 0.8.1~1-5.1 | Mar 13, 2023 | Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. |
- CVE-2023-28154Mar 13, 2023affected < 0.8.1~1-5.1fixed 0.8.1~1-5.1
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.