leanupjs / leanup

Generic CLI to develop, test and build a SPA/PWA (framework independently)
Apache License 2.0

@leanup/stack-webpack is using an old version of Webpack #6809

Closed Ahmad-CGI closed 1 year ago

Ahmad-CGI commented 1 year ago

@leanup/stack-webpack is using an old version of Webpack (5.75.0), and there is now a security update for webpack in newer versions.

I always see this error:

Filename: webpack:4.46.0 | Reference: CVE-2023-28154 | CVSS Score: 9.8 | Category: CWE-noinfo | Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-28154 for details

deleonio commented 1 year ago

@Ahmad-CGI Please try version 1.3.48.
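The report above is the typical shape of a transitive-dependency finding: the vulnerable webpack copy can sit under a build stack's own node_modules rather than at the top level, so checking only the root webpack version is not enough. The script below is an added example, not code from leanup or from anyone in this thread. It walks an npm package-lock.json (lockfile v1 nested "dependencies" or v2/v3 flat "packages"), finds every installed copy of webpack, and flags those in the range the scanner output quotes for CVE-2023-28154 (webpack 5 before 5.76.0). The lockfile embedded in it is constructed for the demo and does not describe the real dependency tree of @leanup/stack-webpack; the version 1.3.47 used for it is hypothetical.

```javascript
// Added example (not leanup project code): find vulnerable webpack copies in a lockfile.
// Range taken from the thread's scanner text: "Webpack 5 before 5.76.0" (CVE-2023-28154).
const ADVISORY = { name: "webpack", introduced: "5.0.0", fixed: "5.76.0" };

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]"; returns null for anything else.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], prerelease: m[4] || null };
}

// Comparator (negative / zero / positive). A prerelease sorts below the release it
// precedes (5.76.0-beta.1 < 5.76.0), so a prerelease of the fix is still flagged.
// Two different prereleases of the same triple compare equal here; that is enough
// for range checks against plain release boundaries.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${pa ? b : a}`);
  for (const k of ["major", "minor", "patch"]) {
    if (pa[k] !== pb[k]) return pa[k] - pb[k];
  }
  if (pa.prerelease && !pb.prerelease) return -1;
  if (!pa.prerelease && pb.prerelease) return 1;
  return 0;
}

// Yield { path, name, version } for every installed package in the lockfile.
// v2/v3: flat "packages" map keyed by install path; v1: nested "dependencies".
function* installedPackages(lock) {
  if (lock.packages) {
    for (const [key, info] of Object.entries(lock.packages)) {
      if (key === "") continue; // root project entry
      const idx = key.lastIndexOf("node_modules/");
      if (idx === -1) continue; // workspace link, not an installed dependency
      // Slicing after the last "node_modules/" keeps scoped names (@scope/pkg) intact.
      yield { path: key, name: key.slice(idx + "node_modules/".length), version: info.version };
    }
    return;
  }
  yield* walkV1(lock.dependencies, "");
}

function* walkV1(deps, prefix) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = prefix ? `${prefix} > ${name}` : name;
    yield { path, name, version: info.version };
    yield* walkV1(info.dependencies, path); // nested copies pinned by a dependency
  }
}

// Every installed copy of advisory.name with introduced <= version < fixed,
// including duplicates nested under another package's node_modules.
function findVulnerable(lock, advisory = ADVISORY) {
  const hits = [];
  for (const p of installedPackages(lock)) {
    if (p.name !== advisory.name || !p.version) continue;
    if (compareVersions(p.version, advisory.introduced) >= 0 &&
        compareVersions(p.version, advisory.fixed) < 0) {
      hits.push(p);
    }
  }
  return hits;
}

// Constructed sample lockfile (v3). The nested 5.75.0 under the build stack is the
// case from the thread; the top-level 5.76.0 is already the fixed release.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "@leanup/stack-webpack": "1.3.47" } },
    "node_modules/@leanup/stack-webpack": { version: "1.3.47" }, // hypothetical version
    "node_modules/@leanup/stack-webpack/node_modules/webpack": { version: "5.75.0" },
    "node_modules/webpack": { version: "5.76.0" },
    "node_modules/webpack-cli": { version: "5.0.1" },
  },
};

console.log(JSON.stringify(findVulnerable(SAMPLE_LOCK), null, 2));
```

Run it against a real lockfile by replacing SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. The flagged path tells you which dependency pins the old copy, which is the thing to raise with that package's maintainers (here the answer was to move to a newer @leanup/stack-webpack release), rather than overriding webpack at the top level and leaving the nested copy in place.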