cve/CVE-2023-28154.md at 694ac234a19db48cd3b1f78eb5f461ab1f6c99f7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-05 18:27:17 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/EyalDelarea/JFrog-Frogbot-Demo
https://github.com/OneIdentity/IdentityManager.Imx
https://github.com/jfrog/frogbot
https://github.com/seal-community/patches

864 B Raw Blame History

CVE-2023-28154

Description

POC

Reference

Github

864 B

Raw Blame History