Posted March 6

Oracle Linux: CVE-2023-28154: ELSA-2023-12235: pcs security update (IMPORTANT) (Multiple Advisories)

Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published: 03/13/2023
Created: 05/05/2023
Added: 04/05/2023
Modified: 01/07/2025

Description

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

A flaw was found in the webpack package, which could allow a remote attacker to bypass security restrictions caused by the mishandling of the magic comment feature by the ImportParserPlugin.js. This flaw allows an attacker to gain access to the real global object by sending a specially-crafted request.

Solution(s)

oracle-linux-upgrade-pcs
oracle-linux-upgrade-pcs-snmp

References

https://attackerkb.com/topics/cve-2023-28154
CVE - 2023-28154
ELSA-2023-12235